Windows Analysis Report
BitTorrent-7.6.exe

Overview

General Information

Sample name:BitTorrent-7.6.exe
Analysis ID:1430082
MD5:ded1f11c105f1ef534e1d3f08d192127
SHA1:3186b98376bde648824b7e36d14070184de69cd2
SHA256:f778566a62b26ae58d564e9e473531a055b936fa90d068fc03e1867b598f30b8
Infos:

Detection

Score:42
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Delayed program exit found
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to simulate keystroke presses
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • BitTorrent-7.6.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\BitTorrent-7.6.exe" MD5: DED1F11C105F1EF534E1D3F08D192127)
    • BitTorrent-7.6.exe (PID: 2840 cmdline: "C:\Users\user\Desktop\BitTorrent-7.6.exe" /PERFORMINSTALL 30207 "C:\Program Files (x86)\BitTorrent" 1707618228 MD5: DED1F11C105F1EF534E1D3F08D192127)
    • BitTorrent.exe (PID: 352 cmdline: BitTorrent.exe /NOINSTALL /BRINGTOFRONT MD5: 3185EE10379B592B64AD9BC098C9309C)
  • BitTorrent.exe (PID: 7480 cmdline: "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED MD5: 3185EE10379B592B64AD9BC098C9309C)
  • BitTorrent.exe (PID: 7540 cmdline: "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED MD5: 3185EE10379B592B64AD9BC098C9309C)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, ProcessId: 352, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BitTorrent
No Snort rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp, Avira: detection malicious, Label: PUA/OpenCandy.Gen
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, ReversingLabs: Detection: 22%
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Virustotal: Detection: 27%
Source: C:\Users\user\AppData\Local\Temp\utt267C.tmp.zip, ReversingLabs: Detection: 30%
Source: C:\Users\user\AppData\Local\Temp\utt267C.tmp.zip, Virustotal: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\utt35EC.tmp.zip, ReversingLabs: Detection: 30%
Source: C:\Users\user\AppData\Local\Temp\utt35EC.tmp.zip, Virustotal: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip, ReversingLabs: Detection: 22%
Source: C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip, Virustotal: Detection: 27%
Source: C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip, ReversingLabs: Detection: 22%
Source: C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip, Virustotal: Detection: 27%
Source: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp, ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp, Virustotal: Detection: 57%
Source: BitTorrent-7.6.exe, Virustotal: Detection: 23%
Source: BitTorrent-7.6.exe, ReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe, Code function: 0_2_004E3D0A CryptAcquireContextA,CryptAcquireContextA,GetLastError,0_2_004E3D0A
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe, Code function: 0_2_004E4E14 CryptCreateHash,CryptHashData,memcpy,memcpy,0_2_004E4E14
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe, Code function: 0_2_004E3D87 CryptDestroyHash,0_2_004E3D87
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe, Code function: 0_2_004E4EDD CryptGetHashParam,CryptDestroyHash,0_2_004E4EDD
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_004E3D0A CryptAcquireContextA,CryptAcquireContextA,GetLastError,4_2_004E3D0A
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_004E4E14 CryptCreateHash,CryptHashData,memcpy,memcpy,4_2_004E4E14
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_004DEB2E CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,4_2_004DEB2E
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_004E3D87 CryptDestroyHash,4_2_004E3D87
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_004E4EDD CryptGetHashParam,CryptDestroyHash,4_2_004E4EDD
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION BitTorrent.exe

Compliance

Source: BitTorrent-7.6.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BitTorrent-7.6.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 99.86.228.107:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: BitTorrent-7.6.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\buildbot\bt_release_slave\bt_release_test\build\BitTorrent Release I18N VC6LIB\bittorrent.pdb source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe, Code function: 0_2_0046FA5E FindFirstFileW,FindClose,0_2_0046FA5E
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_00470087 FindFirstFileW,FindNextFileW,FindClose,4_2_00470087
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe, Code function: 4_2_0046FA5E FindFirstFileW,FindClose,4_2_0046FA5E
Source: unknown, Network traffic detected: IP country count 31
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.58.211.13:45325
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 81.206.196.205:35885
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 15.204.0.70:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 180.97.220.148:4445
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 180.45.193.147:19541
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 118.116.96.24:8429
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 14.10.64.1:22191
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 196.187.212.29:37487
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 102.189.59.40:46667
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 1.180.24.52:29469
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 51.210.178.49:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.48.94.73:28006
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 86.90.231.43:51314
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 50.47.220.64:17460
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 70.73.233.118:32249
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 2.34.90.28:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 194.61.120.72:59132
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 146.70.175.70:61710
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 212.58.119.115:16314
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 166.199.232.1:59195
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 95.68.204.29:35859
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.241.125.143:43975
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 116.237.169.191:57210
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 38.180.29.16:6882
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 218.93.206.90:17006
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 14.161.253.143:43361
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 110.88.206.139:5612
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 1.192.68.64:1025
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 92.99.4.119:2668
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.87.168.1:3510
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 120.239.191.109:3462
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 118.120.230.146:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 176.9.62.188:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 168.205.37.237:4621
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 60.175.233.119:22728
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.210.80.62:29632
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 80.11.84.29:6889
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.246.190.130:57210
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 24.76.114.147:14652
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 92.253.30.176:61040
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 138.186.31.34:7536
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 46.150.45.242:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 45.162.74.202:50321
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 108.253.94.176:14057
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 176.101.234.241:1091
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 168.119.13.211:57017
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 114.122.228.127:38369
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 136.158.44.34:42871
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.44.124.47:54000
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 120.235.11.56:6697
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 174.24.106.245:6882
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 66.81.169.64:38447
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 81.246.154.208:55184
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.16.172.230:25022
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 86.8.88.167:56429
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 168.90.7.194:7335
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 183.199.66.241:29685
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 14.164.53.84:38338
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 24.119.185.238:15010
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 222.92.122.210:49568
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 106.195.44.38:37000
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 14.58.95.34:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 72.83.32.92:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 117.160.220.106:13332
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 180.171.191.81:49097
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.212.97.206:37316
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.153.35.116:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 72.39.95.38:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 134.41.173.176:14074
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.84.135.6:20085
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.58.199.194:1079
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.16.39.228:54197
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 52.9.197.152:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 24.48.26.106:50614
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 106.253.208.41:8020
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 216.247.36.123:43429
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 2.94.25.230:20482
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 97.73.128.6:23599
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 146.70.175.68:51184
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.58.19.88:52007
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 94.57.137.155:17855
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 80.187.84.29:6295
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 176.63.16.58:27858
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 187.220.42.252:52374
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 92.184.121.249:47799
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 88.171.50.213:63080
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.148.3.203:11161
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 88.151.32.222:1385
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 110.136.40.22:51519
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 116.82.13.86:56328
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 176.118.158.139:61065
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 140.249.254.113:6885
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.143.250.136:51315
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.66.80.243:62645
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 138.117.194.160:19087
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.70.79.100:6889
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.137.16.35:49001
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.98.140.104:38077
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 104.218.179.120:63112
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.215.72.33:5291
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 223.146.196.186:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.105.214.237:52030
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.53.249.253:23880
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 73.22.92.243:28621
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 220.87.123.13:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 50.46.15.159:12500
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 88.201.206.13:20996
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 221.11.96.68:22530
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.214.187.222:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 216.83.132.119:47907
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 164.163.4.119:52604
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 134.255.122.136:18234
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 166.175.188.96:5281
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.53.238.244:35746
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 120.84.11.72:15277
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.59.192.135:54782
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 103.255.145.70:1028
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 106.221.198.80:62514
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 84.27.192.135:37075
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 46.191.188.96:65200
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 36.102.218.148:4446
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 97.120.118.206:14560
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 70.29.77.188:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 54.77.218.23:6992
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.206.255.46:11706
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 78.165.134.171:44965
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 90.188.245.175:3041
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 218.89.187.224:14462
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.132.53.84:1024
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 156.146.51.131:35407
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 200.115.244.198:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 119.203.248.16:7967
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 73.104.36.246:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.29.209.61:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 94.158.59.37:7769
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.238.59.37:17451
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 212.7.201.32:28001
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 218.62.100.135:57210
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.41.227.179:12914
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 47.15.37.100:60977
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 175.163.66.39:57210
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 72.50.6.124:54782
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.58.227.135:33766
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 96.51.108.10:53215
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 102.141.52.2:23154
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.61.114.234:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.60.1.21:37677
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 106.220.129.21:12896
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 111.31.55.47:2054
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 58.178.127.122:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 170.80.154.191:50721
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 59.52.216.234:1138
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.8.228.246:19308
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.209.151.242:33813
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 201.17.83.212:24790
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 114.31.184.107:50137
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 114.79.57.255:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 71.174.226.33:46472
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 165.49.23.242:53123
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.194.20.53:7745
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 201.75.1.154:46329
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 36.75.64.135:7574
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 120.29.97.230:9842
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 79.155.167.123:8621
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 170.203.211.139:4399
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.97.23.242:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 146.19.24.47:54747
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 144.255.19.32:1033
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 41.33.151.242:53318
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 42.3.66.96:3004
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 83.198.205.119:17805
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 83.227.149.165:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 112.71.42.143:18476
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 145.224.73.67:15578
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.128.9.67:11802
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 73.137.58.71:1269
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 197.0.201.67:49195
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 120.188.38.163:48303
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 222.220.26.128:9235
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 190.211.211.112:38249
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 51.171.56.61:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 217.72.36.246:6889
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 45.65.215.242:57029
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 103.149.159.175:12200
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 39.149.150.154:15377
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 109.224.73.67:40273
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.201.186.71:8112
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.57.122.71:50159
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 188.190.92.147:15613
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 218.103.188.155:62174
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 103.117.31.159:46588
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 75.140.108.171:43620
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.48.73.67:37000
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 54.194.124.68:6882
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 99.127.54.255:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 59.14.113.186:7710
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.31.165.243:25983
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 183.197.20.167:25724
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 169.224.3.44:15547
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 208.87.240.21:11161
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 94.23.249.222:12165
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 186.224.152.92:33837
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 79.116.216.234:46727
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.48.137.67:58256
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 213.24.125.2:8212
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 81.242.222.61:41009
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.34.199.201:20698
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 94.72.103.207:10240
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.243.192.140:31990
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.187.75.111:35328
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.170.48.154:6339
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 148.135.56.150:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 39.149.90.27:48020
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.184.125.2:27059
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 117.217.58.71:6926
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 193.233.122.71:63424
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 95.86.197.251:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.48.131.44:37000
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 27.154.26.125:3642
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.215.167.200:57725
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 91.151.136.209:31083
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.225.142.6:5063
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 211.62.251.213:18355
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.63.227.214:13651
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 45.177.2.76:56490
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 187.22.131.222:9514
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 223.182.3.222:8205
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 152.167.182.183:51996
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 202.61.240.22:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 123.23.200.209:62394
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 31.220.87.153:10240
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.182.28.152:25292
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 131.161.29.10:59621
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 101.91.114.48:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 95.214.52.159:1912
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 18.188.31.0:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 51.36.141.84:1608
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.107.180.205:51102
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 171.76.245.95:43357
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.82.199.201:47086
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 197.33.132.105:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 103.85.36.148:25273
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 67.188.191.48:43069
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 217.27.120.135:56743
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 49.34.139.131:49527
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 223.194.196.109:22302
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 211.141.120.117:56107
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 188.73.239.131:44299
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 35.155.156.153:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 62.45.105.29:7735
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 113.74.127.194:17119
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 24.50.234.162:11739
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 109.202.63.194:1189
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.43.120.135:12540
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 91.165.10.17:38699
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.48.199.234:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 31.21.6.105:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.49.194.39:22976
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 87.196.75.113:56120
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 191.156.63.194:55129
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 191.156.48.15:38782
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.35.76.198:55681
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.211.76.198:60922
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 223.78.80.48:18550
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 129.146.58.250:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 31.17.253.25:41379
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 111.58.86.109:8410
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 174.126.156.240:47203
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.133.93.58:39233
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 187.73.201.88:5073
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 84.197.223.204:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 31.208.186.92:20231
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 83.233.137.88:23438
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.35.204.198:11870
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.218.127.194:51765
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 153.151.226.28:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 95.57.101.1:4132
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 36.102.218.217:26016
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 119.249.201.88:16520
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.111.143.143:9223
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 49.207.207.143:11675
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 27.214.236.103:57210
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 110.18.98.146:55490
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 41.249.182.13:10073
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 119.13.62.80:54523
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 195.154.172.179:27104
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 197.238.200.202:51449
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 117.14.136.202:5839
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.222.36.147:45079
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 181.174.228.147:52395
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 83.233.192.89:62004
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 219.109.62.39:6880
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 78.37.60.219:25533
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.21.216.144:57047
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.129.13.104:61275
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.16.138.45:6400
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 95.156.116.210:8999
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.245.153.11:38157
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 85.49.141.104:43509
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 105.161.141.104:2964
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 191.3.115.147:43109
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 107.189.4.51:10240
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.204.6.64:38096
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 49.204.198.64:45858
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 49.172.134.64:36141
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 1.36.251.18:9342
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.63.161.53:17023
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.151.197.233:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.215.85.116:56610
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 223.233.73.88:24756
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 119.112.241.33:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 185.192.71.234:6454
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 193.168.179.171:2631
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 18.221.7.72:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 54.214.62.31:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 36.102.218.196:17731
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 157.45.193.5:50881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.228.114.1:6024
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 18.116.128.220:6880
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 122.195.111.6:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 104.34.45.24:20617
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 217.165.153.147:13117
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.245.152.110:44835
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 85.148.69.193:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 184.56.71.32:9010
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 179.152.249.221:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 103.212.214.205:26275
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 47.29.165.201:59169
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 45.232.190.108:36206
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 178.184.48.142:24737
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 87.103.13.66:21113
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 39.130.102.199:64326
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 51.75.78.69:6891
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 37.153.57.41:49235
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 47.34.244.214:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 169.224.105.80:20863
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 5.53.117.68:52864
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 27.72.88.231:6881
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 177.139.54.232:51413
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 145.224.74.45:18879
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 189.106.228.91:52720
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 121.27.251.162:29828
Source: global trafficUDP traffic: 192.168.2.4:48539 -> 49.43.163.30:48108
Source: Joe Sandbox View
IP Address: 82.221.103.244
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown
TCP traffic detected without corresponding DNS query: 104.46.162.224
TCP traffic detected without corresponding DNS query: 173.222.162.32
TCP traffic detected without corresponding DNS query: 40.127.169.103
TCP traffic detected without corresponding DNS query: 152.195.50.149
TCP traffic detected without corresponding DNS query: 72.21.81.240
UDP traffic detected without corresponding DNS query: 1.1.1.1
UDP traffic detected without corresponding DNS query: 152.58.163.95
UDP traffic detected without corresponding DNS query: 186.158.228.1
UDP traffic detected without corresponding DNS query: 89.22.52.102
UDP traffic detected without corresponding DNS query: 172.59.185.110
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BkF6WMT3gCc+p+d&MD=uobSk+lL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /sites/default/files/bittorrent2_favicon.ico HTTP/1.1Host: www.bittorrent.comUser-Agent: BTWebClient/7600(26618)Accept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BkF6WMT3gCc+p+d&MD=uobSk+lL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /installoffer.php?h=LGrCdlzYZ6xdNXqD&v=247556090&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=BitTorrent&svp=4 HTTP/1.1Accept-Encoding: gzipUser-Agent: BitTorrent/7600(26618)Host: update.utorrent.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /utorrent-onboarding/player.btapp HTTP/1.1Accept-Encoding: gzipUser-Agent: BitTorrent/7600(26618)Host: apps.bittorrent.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /utorrent-onboarding/welcome.btapp HTTP/1.1Accept-Encoding: gzipUser-Agent: BitTorrent/7600(26618)Host: apps.bittorrent.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /utorrent-onboarding/plus-bt.btapp HTTP/1.1Accept-Encoding: gzipUser-Agent: BitTorrent/7600(26618)Host: apps.bittorrent.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /discoverContent/discoverContent.btapp?h=LGrCdiDYZ6xdNXqD&v=247556090&ol=en&ul=&tk=main&c=BitTorrent HTTP/1.1Host: apps.bittorrent.comUser-Agent: BTWebClient/7600(26618)Accept-Encoding: gzipConnection: CloseData Raw: 0d 0a Data Ascii:
Source: global trafficHTTP traffic detected: GET /sites/default/files/bittorrent2_favicon.ico HTTP/1.1Host: www.bittorrent.comUser-Agent: BTWebClient/7600(26618)Accept-Encoding: gzipConnection: CloseData Raw: 0d 0a Data Ascii:
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.mininova.orgUser-Agent: BTWebClient/7600(26618)Accept-Encoding: gzipConnection: CloseData Raw: 0d 0a Data Ascii:
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: C$rEhttp://www.facebook.com/plugins/like.php?.cleverbridge.comcleverbridge.com.utorrent.com.bittorrent.comhttp://featuredcontent.staging.utorrent.comhttp://featuredcontent.utorrent.com/mailto:btresource://msgfromSzE equals www.facebook.com (Facebook)
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: K.Kindexvlccancelledhttps://www.facebook.com/dialog/oauthclient_id=%S&redirect_uri=%s&response_type=token&display=popup%s&scope=%Shttp://www.facebook.com/checkpoint/https://www.facebook.com/checkpoint/http://www.facebook.com/dialog/permissions.requesthttps://www.facebook.com/dialog/permissions.requesthttp://www.facebook.com/connect/uiserver.phphttps://www.facebook.com/connect/uiserver.phphttp://www.facebook.com/login.phphttps://www.facebook.com/login.phphttp://www.facebook.com/connect/login_success.htmlhttps://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: Khttps://www.facebook.com/dialog/apprequestsapp_id=%S&display=popup&message=%s&redirect_uri=%s%s&to=%Shttp://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: BitTorrent.exeString found in binary or memory: http://www.facebook.com/plugins/like.php? equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/apprequests equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: oter-social-fb" href="https://facebook.com/bittorrent" class="facebook footer-social-alt" target="_blank" rel="noopener noreferrer"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" class="socialicon footer-social-icon" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"></path></svg>Facebook</a><a id="footer-social-twitter" href="https://twitter.com/BitTorrent" class="twitter ml-3 footer-social-alt" target="_blank" rel="noopener noreferrer"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" class="socialicon footer-social-icon" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 2& equals www.facebook.com (Facebook)
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: oter-social-fb" href="https://facebook.com/bittorrent" class="facebook footer-social-alt" target="_blank" rel="noopener noreferrer"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" class="socialicon footer-social-icon" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"></path></svg>Facebook</a><a id="footer-social-twitter" href="https://twitter.com/BitTorrent" class="twitter ml-3 footer-social-alt" target="_blank" rel="noopener noreferrer"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" class="socialicon footer-social-icon" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 2& equals www.twitter.com (Twitter)
Source: unknownDNS traffic detected: queries for: update.utorrent.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 474298Connection: closeDate: Fri, 15 Mar 2024 20:10:22 GMTCache-Control: public, max-age=0, must-revalidateLast-Modified: Fri, 15 Mar 2024 19:54:46 GMTETag: "0a6792af469cbad22ffc3d9a2bed7494"Server: AmazonS3CloudFront-Viewer-Country: USSet-Cookie: cloudfront-view-country=US;Path=/X-Frame-Options: DENYContent-Security-Policy: frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com;Vary: Accept-EncodingX-Cache: Error from cloudfrontVia: 1.1 8b91488fa62e73ed6328bc389e6d1cbe.cloudfront.net (CloudFront)X-Amz-Cf-Pop: IAD79-C3X-Amz-Cf-Id: aDG-nygxNba3QhuSfWD3xXsV-2H04LMYM0l9QPzK-55mdSh81RzDlA==Age: 3310221
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: M5CBEPFGKQMANW2Px-amz-id-2: d/dKlVztzrj0LHGN9mpZuBfEPTeb7+A8hTbRg61U8QuPT3f9Z+3XFLgcQDTusK1RcHfEIwzajas=Content-Type: application/xmlServer: AmazonS3Age: 1320Date: Tue, 23 Apr 2024 03:40:33 GMTExpires: Tue, 23 Apr 2024 03:48:41 GMTX-LLID: 703f882f0c7ea4a38c753c944e06dc31Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4d 35 43 42 45 50 46 47 4b 51 4d 41 4e 57 32 50 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 64 2f 64 4b 6c 56 7a 74 7a 72 6a 30 4c 48 47 4e 39 6d 70 5a 75 42 66 45 50 54 65 62 37 2b 41 38 68 54 62 52 67 36 31 55 38 51 75 50 54 33 66 39 5a 2b 33 58 46 4c 67 63 51 44 54 75 73 4b 31 52 63 48 66 45 49 77 7a 61 6a 61 73 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>M5CBEPFGKQMANW2P</RequestId><HostId>d/dKlVztzrj0LHGN9mpZuBfEPTeb7+A8hTbRg61U8QuPT3f9Z+3XFLgcQDTusK1RcHfEIwzajas=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: QWGCP9B9QC08ZZCMx-amz-id-2: 09o/CZN6D1uMIux8bnZQOeVz62oUcc0g1UPLk6oAufWjpD+ozP1JvYb2R06tY5uj/JvO4oePKU4=Content-Type: application/xmlServer: AmazonS3Age: 160Date: Tue, 23 Apr 2024 03:40:33 GMTExpires: Tue, 23 Apr 2024 04:07:53 GMTX-LLID: 6a0a4ad5c3908ce90accb635c9be1613Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 51 57 47 43 50 39 42 39 51 43 30 38 5a 5a 43 4d 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 30 39 6f 2f 43 5a 4e 36 44 31 75 4d 49 75 78 38 62 6e 5a 51 4f 65 56 7a 36 32 6f 55 63 63 30 67 31 55 50 4c 6b 36 6f 41 75 66 57 6a 70 44 2b 6f 7a 50 31 4a 76 59 62 32 52 30 36 74 59 35 75 6a 2f 4a 76 4f 34 6f 65 50 4b 55 34 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QWGCP9B9QC08ZZCM</RequestId><HostId>09o/CZN6D1uMIux8bnZQOeVz62oUcc0g1UPLk6oAufWjpD+ozP1JvYb2R06tY5uj/JvO4oePKU4=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: JV4VTGGNP1AWRT6Qx-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=Content-Type: application/xmlDate: Tue, 23 Apr 2024 03:40:33 GMTServer: AmazonS3X-LLID: a8e1107f6718f4ed57bf3e574b5feeb9Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4a 56 34 56 54 47 47 4e 50 31 41 57 52 54 36 51 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 43 45 41 66 34 52 52 34 4d 62 43 43 4a 65 75 6f 65 6c 4e 41 4d 64 72 54 69 38 6e 50 41 2b 56 38 6e 7a 2b 39 75 77 54 2f 67 34 58 74 44 47 4b 37 4c 6a 46 61 62 45 72 50 4e 45 6b 33 4c 33 32 75 49 52 36 6c 78 72 65 76 46 33 67 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: JV4VTGGNP1AWRT6Qx-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=Content-Type: application/xmlServer: AmazonS3Age: 3Date: Tue, 23 Apr 2024 03:40:36 GMTExpires: Tue, 23 Apr 2024 03:40:43 GMTX-LLID: 42b416aa817de2a175e0080b609cb29cConnection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4a 56 34 56 54 47 47 4e 50 31 41 57 52 54 36 51 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 43 45 41 66 34 52 52 34 4d 62 43 43 4a 65 75 6f 65 6c 4e 41 4d 64 72 54 69 38 6e 50 41 2b 56 38 6e 7a 2b 39 75 77 54 2f 67 34 58 74 44 47 4b 37 4c 6a 46 61 62 45 72 50 4e 45 6b 33 4c 33 32 75 49 52 36 6c 78 72 65 76 46 33 67 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: J73RKCJTFX5SX38Bx-amz-id-2: uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=Content-Type: application/xmlDate: Tue, 23 Apr 2024 03:40:37 GMTServer: AmazonS3X-LLID: e190056c81323a639f1f58413934a39cConnection: closeCache-Control: max-age=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: 94N7JA3XT9MBXJ32x-amz-id-2: A6QEkCyfaq5s7ZNsu+Bd/SBpWs1E8FLdTbDWQxMOhbk+etNZFYe3GBsS+JNaDnXFzAZvKxxzdsE=Content-Type: application/xmlServer: AmazonS3Age: 193Date: Tue, 23 Apr 2024 03:40:37 GMTExpires: Tue, 23 Apr 2024 04:07:24 GMTX-LLID: 6679222d66c8bf16ddb99924f9b72574Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 39 34 4e 37 4a 41 33 58 54 39 4d 42 58 4a 33 32 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 41 36 51 45 6b 43 79 66 61 71 35 73 37 5a 4e 73 75 2b 42 64 2f 53 42 70 57 73 31 45 38 46 4c 64 54 62 44 57 51 78 4d 4f 68 62 6b 2b 65 74 4e 5a 46 59 65 33 47 42 73 53 2b 4a 4e 61 44 6e 58 46 7a 41 5a 76 4b 78 78 7a 64 73 45 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>94N7JA3XT9MBXJ32</RequestId><HostId>A6QEkCyfaq5s7ZNsu+Bd/SBpWs1E8FLdTbDWQxMOhbk+etNZFYe3GBsS+JNaDnXFzAZvKxxzdsE=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: JV4VTGGNP1AWRT6Qx-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=Content-Type: application/xmlServer: AmazonS3Age: 7Date: Tue, 23 Apr 2024 03:40:40 GMTExpires: Tue, 23 Apr 2024 03:40:43 GMTX-LLID: be203663eae3bef66f4294b6425f033eConnection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4a 56 34 56 54 47 47 4e 50 31 41 57 52 54 36 51 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 43 45 41 66 34 52 52 34 4d 62 43 43 4a 65 75 6f 65 6c 4e 41 4d 64 72 54 69 38 6e 50 41 2b 56 38 6e 7a 2b 39 75 77 54 2f 67 34 58 74 44 47 4b 37 4c 6a 46 61 62 45 72 50 4e 45 6b 33 4c 33 32 75 49 52 36 6c 78 72 65 76 46 33 67 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: J73RKCJTFX5SX38Bx-amz-id-2: uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=Content-Type: application/xmlServer: AmazonS3Age: 4Date: Tue, 23 Apr 2024 03:40:40 GMTExpires: Tue, 23 Apr 2024 03:40:46 GMTX-LLID: b4a3d82bacb6a67832472f68b3cb4368Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4a 37 33 52 4b 43 4a 54 46 58 35 53 58 33 38 42 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 75 76 39 58 71 6d 6c 2b 73 37 6e 34 63 48 68 6c 42 69 52 6e 76 38 5a 57 56 4e 50 74 61 42 32 75 53 51 4d 42 75 2b 30 4b 33 67 61 47 70 30 38 53 59 51 58 6d 54 62 45 31 71 4c 4d 4d 71 67 72 4f 55 64 37 65 39 4b 52 77 35 69 30 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>J73RKCJTFX5SX38B</RequestId><HostId>uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: 3FAVA71VTBZXYMHZx-amz-id-2: Qbp/irFcJm6v6TeGd7boMr07yK/OucAFf58XqfGV5oHIPf+Q6IoHBf4EGoyJ9QNTEBjKvZAGVL4=Content-Type: application/xmlDate: Tue, 23 Apr 2024 03:40:40 GMTServer: AmazonS3X-LLID: 47e46e2e0d924efd94a87d8f97dd6319Connection: closeCache-Control: max-age=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: 66J93298EMGXPRREx-amz-id-2: g5P0GhGE37xskk+tHm9irj7E0xo7Opzey/4AOhUBJIfp9IdbgnB51TXkHTWmJA90R9uSRJi8bJk=Content-Type: application/xmlServer: AmazonS3Age: 213Date: Tue, 23 Apr 2024 03:40:40 GMTExpires: Tue, 23 Apr 2024 04:07:07 GMTX-LLID: c1a6bf54657aa29a1ae3285cc68554c9Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 36 36 4a 39 33 32 39 38 45 4d 47 58 50 52 52 45 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 67 35 50 30 47 68 47 45 33 37 78 73 6b 6b 2b 74 48 6d 39 69 72 6a 37 45 30 78 6f 37 4f 70 7a 65 79 2f 34 41 4f 68 55 42 4a 49 66 70 39 49 64 62 67 6e 42 35 31 54 58 6b 48 54 57 6d 4a 41 39 30 52 39 75 53 52 4a 69 38 62 4a 6b 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66J93298EMGXPRRE</RequestId><HostId>g5P0GhGE37xskk+tHm9irj7E0xo7Opzey/4AOhUBJIfp9IdbgnB51TXkHTWmJA90R9uSRJi8bJk=</HostId></Error>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: QWG5E2RHV7GFADFXx-amz-id-2: gSxrFyPgfgKbcd+7eRVdfSAo/fLZ/Xpi7kh0C6lYTpr73cmRERjp+x9AEHMyDr+2l2Z62R1GAr8=Content-Type: application/xmlServer: AmazonS3Age: 169Date: Tue, 23 Apr 2024 03:40:42 GMTExpires: Tue, 23 Apr 2024 04:07:53 GMTX-LLID: 39fc0e618797b4ddd121abd5fe394e41Connection: closeCache-Control: max-age=86400Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 51 57 47 35 45 32 52 48 56 37 47 46 41 44 46 58 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 67 53 78 72 46 79 50 67 66 67 4b 62 63 64 2b 37 65 52 56 64 66 53 41 6f 2f 66 4c 5a 2f 58 70 69 37 6b 68 30 43 36 6c 59 54 70 72 37 33 63 6d 52 45 52 6a 70 2b 78 39 41 45 48 4d 79 44 72 2b 32 6c 32 5a 36 32 52 31 47 41 72 38 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QWG5E2RHV7GFADFX</RequestId><HostId>gSxrFyPgfgKbcd+7eRVdfSAo/fLZ/Xpi7kh0C6lYTpr73cmRERjp+x9AEHMyDr+2l2Z62R1GAr8=</HostId></Error>
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://%02x%02x%02x%02x.%s
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://%02x%02x%02x%02x.%s%s&customer=%s%s&h=%s%s&url=%UGetProcessMemoryInfopsapi.dll
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://%s/checkupdate.php
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%d
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%dSoftware
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/rsstutorial.php
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/testport?plain=1
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/webui-guide.php
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/webui/version-%s
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip7.6http://utorrent.com/webui/version-%s.gz...gz
Source: BitTorrent.exeString found in binary or memory: http://utorrentbar.ourtoolbar.co
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrentbar.ourtoolbar.com/EULA/
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000000.00000002.2502854820.0000000000FB7000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://utorrentbar.ourtoolbar.com/privacy/
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.apple.com/itunes
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.apple.com/itunesdevice
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com
Source: BitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com.
Source: BitTorrent.exeString found in binary or memory: http://www.bittorrent.com/btusers/guides
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/btusers/guidesPublisherBitTorrent
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/btusers/help/faq?client=bittorrent7600
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/legal/bittorrent-eula.
Source: settings.dat.new.0.drString found in binary or memory: http://www.bittorrent.com/search?client=%v&search=
Source: BitTorrent.exe, 00000004.00000002.2879985412.0000000003114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com/sites/default/files/biL
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/sites/default/files/bittorrent2_favicon.ico
Source: BitTorrent.exe, 00000004.00000002.2879985412.000000000310B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com/sites/default/files/bittorrent2_favicon.icoN
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/sites/default/files/bittorrent2_favicon.icohttp://www.bittorrent.com://htt
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com/translations/
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com?client=bittorrent7600
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.bittorrent.com?client=bittorrent7600PlayWaveProc
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2079313093.0000000001818000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=0
Source: BitTorrent-7.6.exe, 00000002.00000002.1862869540.00000000015C0000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000002.2879985412.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000002.2879628422.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000008.00000002.1999736139.0000000001078000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000008.00000002.1999867873.00000000032B0000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000009.00000002.2079313093.0000000001818000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000009.00000002.2079357120.0000000003170000.00000004.00000020.00020000.00000000.sdmp, settings.dat.new.0.drString found in binary or memory: http://www.mininova.org/search/?cat=0&search=13:selected_catsle8:selfcert1797:0
Source: BitTorrent.exe, 00000004.00000002.2879985412.00000000030F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=;
Source: BitTorrent.exe, 00000004.00000002.2879628422.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=E
Source: BitTorrent.exe, 00000008.00000002.1999736139.0000000001078000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000009.00000002.2079313093.0000000001818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=m
Source: BitTorrent-7.6.exe, utt267C.tmp.zip.0.dr, uttE3C4.tmp.0.dr, BitTorrent.exe.2.dr, utt40AA.tmp.zip.4.dr, utt6F6B.tmp.zip.4.drString found in binary or memory: http://www.opencandy.com/successful-integration/.
Source: BitTorrent-7.6.exe, utt267C.tmp.zip.0.dr, uttE3C4.tmp.0.dr, BitTorrent.exe.2.dr, utt40AA.tmp.zip.4.dr, utt6F6B.tmp.zip.4.drString found in binary or memory: http://www.opencandy.comMsg_HelpUrlInstallation
Source: BitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq
Source: BitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq#mlabs
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq.php100
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/share/inclient/a
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/share/inclient/b
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/share/inclient/c
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/share/inclient/d
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/share/inclient/dhttp://www.utorrent.com/share/inclient/chttp://www.utorrent.
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/testport.php?port=%d
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/testport.php?port=%d33
Source: BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://yogi.apps.bittorrent.com/track/?data=%s&ip=1
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com/get_av
Source: BitTorrent-7.6.exe, 00000002.00000002.1862911719.0000000001740000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_avDX
Source: BitTorrent-7.6.exe, 00000000.00000002.2502854820.0000000000FB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_avnboe
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com/get_codec
Source: BitTorrent-7.6.exe, 00000000.00000002.2502854820.0000000000FB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_codec6
Source: BitTorrent-7.6.exe, 00000002.00000002.1862911719.0000000001748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_codec667
Source: BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com/get_player
Source: BitTorrent-7.6.exe, 00000000.00000002.2502854820.0000000000FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_player#
Source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com/get_player/get_codecs/get_av%s%s%s&%sli=%sht=%dseq=%up=%sver=%dhttp://
Source: BitTorrent-7.6.exe, 00000002.00000002.1862911719.0000000001748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_playerrding/pAX_
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bittrex.com
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913729020.0000000003154000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-assets.bittorrent.com/bt2020/noise-dark.png)
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913729020.0000000003154000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-assets.bittorrent.com/bt2020/noise-light.png)
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/invite/pn6WWmXtQV
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1930685179.0000000007F81000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913970069.000000000317A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://flickity.metafizzy.co
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://forum.bittorrent.com/
Source: BitTorrent.exe, 00000004.00000002.2879985412.0000000003114000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.2170665852.0000000003120000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1930685179.0000000007F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/)
Source: BitTorrent.exe, 00000004.00000002.2879985412.0000000003114000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.2170665852.0000000003120000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1930685179.0000000007F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: BitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instagram.com/bittorrent
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 99.86.228.107:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: String function: 0041FB6B appears 32 times
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: String function: 0041FB6B appears 32 times
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: String function: 00406159 appears 55 times
Source: BitTorrent-7.6.exe, 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBitTorrent.exe|, vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000000.00000003.2498788931.0000000001221000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewow64cpu.dllj% vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000000.00000000.1638321248.00000000005C5000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBitTorrent.exe|, vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000000.00000002.2503248340.0000000001164000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDBGCORE.DLLj% vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000000.00000003.1643752743.0000000004365000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameOCSetupHlp.dll6 vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000002.00000000.1816755547.00000000005C5000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBitTorrent.exe|, vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe, 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBitTorrent.exe|, vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe Binary or memory string: OriginalFilenameBitTorrent.exe|, vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe Binary or memory string: OriginalFilenameOCSetupHlp.dll6 vs BitTorrent-7.6.exe
Source: BitTorrent-7.6.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BitTorrent-7.6.exe Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: utt267C.tmp.zip.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: BitTorrent.exe.2.dr Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: utt35EC.tmp.zip.2.dr Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: utt40AA.tmp.zip.4.dr Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: utt6F6B.tmp.zip.4.dr Static PE information: Section: UPX1 ZLIB complexity 0.9984437055811036
Source: classification engine Classification label: mal42.evad.winEXE@7/22@8/100
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0043EE20 GetDiskFreeSpaceW
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_004A1318 CreateToolhelp32Snapshot,Process32FirstW,_wcsicmp,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Program Files (x86)\BitTorrent
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\BT4823DF041B09
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Mutant created: \Sessions\1\BaseNamedObjects\ TorrentShareMutex4823DF041B09
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BitTorrent-7.6.exeVirustotal: Detection: 23%
Source: BitTorrent-7.6.exeReversingLabs: Detection: 30%
Source: BitTorrent-7.6.exeString found in binary or memory: http://%s/installstats.php
Source: BitTorrent-7.6.exeString found in binary or memory: -launch-app client "%2" -ie -ff -chrome
Source: BitTorrent-7.6.exeString found in binary or memory: -show-start-page
Source: BitTorrent-7.6.exeString found in binary or memory: http://update.utorrent.com/installoffer.php
Source: BitTorrent-7.6.exeString found in binary or memory: %I.in-addr.arpa
Source: BitTorrent-7.6.exeString found in binary or memory: Not-Installed
Source: BitTorrent-7.6.exeString found in binary or memory: add-stopped
Source: BitTorrent-7.6.exeString found in binary or memory: %s /LAUNCHBUNDLEDURL %s
Source: BitTorrent-7.6.exeString found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
Source: BitTorrent-7.6.exeString found in binary or memory: Start/Stop
Source: BitTorrent.exeString found in binary or memory: http://%s/installstats.php
Source: BitTorrent.exeString found in binary or memory: -launch-app client "%2" -ie -ff -chrome
Source: BitTorrent.exeString found in binary or memory: -show-start-page
Source: BitTorrent.exeString found in binary or memory: http://update.utorrent.com/installoffer.php
Source: BitTorrent.exeString found in binary or memory: %I.in-addr.arpa
Source: BitTorrent.exeString found in binary or memory: Not-Installed
Source: BitTorrent.exeString found in binary or memory: add-stopped
Source: BitTorrent.exeString found in binary or memory: %s /LAUNCHBUNDLEDURL %s
Source: BitTorrent.exeString found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
Source: BitTorrent.exeString found in binary or memory: Start/Stop
Source: BitTorrent-7.6.exeString found in binary or memory: /LAUNCHFROMREGISTRY
Source: BitTorrent-7.6.exeString found in binary or memory: /LAUNCHFROMREGISTRYSUBKEY
Source: BitTorrent-7.6.exeString found in binary or memory: /LAUNCHEXEROOT
Source: BitTorrent-7.6.exeString found in binary or memory: /LAUNCHEXEPATH
Source: BitTorrent-7.6.exeString found in binary or memory: API version:27ORC:da30be9bcd4ad240be8c12290485c41bb2339614c111441ba9365e0dd24ca788ODF:Info:OLANGS:,GenErr:normalembeddedUnhandled OCOffer State switch from RECEIVEDERROR: Unhandled OCOffer State switch from RECEIVED.Unhandled OCOffer State switch from NOT_FOR_USERERROR: Unhandled OCOffer State switch from NOT_FOR_USER.Unhandled OCOffer State switch from INVALIDERROR: Unhandled OCOffer State switch from INVALID.Unhandled OCOffer State switch from OFFERINGERROR: Unhandled OCOffer State switch from OFFERING.Unhandled OCOffer State switch from REJECTEDERROR: Unhandled OCOffer State switch from REJECTED.DLMGR_CANCELLED Download manager was cancelledINSTALLED_RETURNED_ERROR doesn't make sense while still downloading - State change errorERROR: INSTALLED_RETURNED_ERROR doesn't make sense while still downloading - State change error.Unhandled OCOffer State switch from DOWNLOADINGERROR: Unhandled OCOffer State switch from DOWNLOADING.Unhandled OCOffer State switch from DOWNLOADEDERROR: Unhandled OCOffer State switch from DOWNLOADED.Unhandled OCOffer State switch from INSTALLINGERROR: Unhandled OCOffer State switch from INSTALLING.{\rtf1 {\colortbl;\red0\green0\blue0;\red255\green0\blue0;}\cf2Status ERROR! 
\cf1 There is an error with the offer and it has failed to install.\par}Reboot delay sleep startedUnhandled OCOffer State switch from MIGHT_BE_INSTALLEDERROR: Unhandled OCOffer State switch from MIGHT_BE_INSTALLED.Switching from SCHEDULED to FAILUREERROR: Switching from SCHEDULED to FAILURE.Set State to MIGHT_BE_INSTALLEDUnhandled OCOffer State switch from SCHEDULEDERROR: Unhandled OCOffer State switch from SCHEDULED.State switch from FAILURE to FAILURE, could be OK, check logic!ERROR: State switch from FAILURE to FAILURE, could be OK, check logic.Unhandled OCOffer State switch from FAILURE!ERROR: Unhandled OCOffer State switch from FAILURE.Unhandled OCOffer State switch from REBOOTERROR: Unhandled OCOffer State switch from REBOOT.ScriptPass1.0PublisherOfferOfferIdPassSelectedOfferedBySessionOfferCMDLineCRCUrlTestSizeMD5NameMgrIconInstallModeInstallerCmdLineTmpStorageLocalSessionId10ODLStartedOInstallStartedOEDLCompletedODLCompletedm_startMinimizedm_autoStartm_silentm_taskbarminm_hidesystemtraym_passive_installm_bPostInstallLaunchm_strLaunchBrowserPathm_strRegLaunchPathm_strRegLaunchSubKeyPathm_ocstrLaunchExeFullPathm_bShowRebootMsgAfterInstallm_bDisableCloseOnDownloadm_bCloseDialogOnInstallSuccessm_strRegLocationTODS,TODLC,TOIC,TOIS,TEODS,TEOIS,TEOIC,TSORC,TSODF,TSSL,TSGE,TSDEB,TSDEBE,TOCAPPE,TOCAPPEXProductSettingsDLM2-FLAGCould not open COCMemoryMappedFileERROR: OCOffer::ScheduleOfferERROR: OCOffer::ScheduleOffer Could not open COCMemoryMappedFile.TODSTODLCTOICTOISTEODSTEOISTEOICTSORCTSODFTSSLTSGETSDEBTSDEBETOCAPPE/Reboot/OCP/OCMIN/OCDELAY/OCMOREDELAY/AUTOSTART/SILENT/OCRETAINTASKBAR/OCHIDESYSTEMTRAY/RESTARTMESSAGE/OCIREG/PASSIVEINSTALL/OCDISABLECLOSEONDOWNLOAD/OCEXITAFTERINSTALL/NOOCCMD/DLMGR2NOCMD/RBDelay/RETC/RBRETC/LAUNCHFROMREGISTRY/LAUNCHFROMREGI
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeFile read: C:\Users\user\Desktop\BitTorrent-7.6.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\BitTorrent-7.6.exe "C:\Users\user\Desktop\BitTorrent-7.6.exe"
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeProcess created: C:\Users\user\Desktop\BitTorrent-7.6.exe "C:\Users\user\Desktop\BitTorrent-7.6.exe" /PERFORMINSTALL 30207 "C:\Program Files (x86)\BitTorrent" 1707618228
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeProcess created: C:\Program Files (x86)\BitTorrent\BitTorrent.exe BitTorrent.exe /NOINSTALL /BRINGTOFRONT
Source: unknownProcess created: C:\Program Files (x86)\BitTorrent\BitTorrent.exe "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
Source: unknownProcess created: C:\Program Files (x86)\BitTorrent\BitTorrent.exe "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeProcess created: C:\Users\user\Desktop\BitTorrent-7.6.exe "C:\Users\user\Desktop\BitTorrent-7.6.exe" /PERFORMINSTALL 30207 "C:\Program Files (x86)\BitTorrent" 1707618228Jump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeProcess created: C:\Program Files (x86)\BitTorrent\BitTorrent.exe BitTorrent.exe /NOINSTALL /BRINGTOFRONTJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: comsvcs.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: hnetcfg.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: atl.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: BitTorrent.lnk.2.drLNK file: ..\..\..\..\Program Files (x86)\BitTorrent\BitTorrent.exe
Source: BitTorrent.lnk0.2.drLNK file: ..\..\..\Program Files (x86)\BitTorrent\BitTorrent.exe
Source: BitTorrent.lnk1.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\BitTorrent\BitTorrent.exe
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeWindow found: window name: SysTabControl32Jump to behavior
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeAutomated click: Next >
Source: C:\Users\user\Desktop\BitTorrent-7.6.exeAutomated click: Install
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exeWindow detected: Number of UI elements: 24
Source: BitTorrent-7.6.exeStatic PE information: certificate valid
Source: BitTorrent-7.6.exeStatic file information: File size 6053744 > 1048576
Source: BitTorrent-7.6.exeStatic PE information: Raw size of .payload is bigger than: 0x100000 < 0x46ce00
Source: BitTorrent-7.6.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: dpapi.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: secur32.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: apphelp.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001370000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasadhlp.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netutils.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Bcp47Langs.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinTypes.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb[ source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wgdi32full.pdb% source: BitTorrent-7.6.exe, 00000000.00000003.2498861354.0000000001379000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\buildbot\bt_release_slave\bt_release_test\build\BitTorrent Release I18N VC6LIB\bittorrent.pdb source: BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_00466AA1 LoadLibraryA,GetProcAddress,GetLastError,0_2_00466AA1
Source: utt6F6B.tmp.zip.4.dr Static PE information: real checksum: 0x8fff7 should be: 0x5d1b4a
Source: BitTorrent.exe.2.dr Static PE information: real checksum: 0x8fff7 should be: 0x5d1b4a
Source: utt40AA.tmp.zip.4.dr Static PE information: real checksum: 0x8fff7 should be: 0x5d1b4a
Source: uttE3C4.tmp.0.dr Static PE information: real checksum: 0xbf338 should be: 0xbf3f0
Source: BitTorrent-7.6.exe Static PE information: section name: .payload
Source: BitTorrent-7.6.exe Static PE information: section name: .opcandy
Source: utt267C.tmp.zip.0.dr Static PE information: section name: .payload
Source: utt267C.tmp.zip.0.dr Static PE information: section name: .opcandy
Source: BitTorrent.exe.2.dr Static PE information: section name: .payload
Source: BitTorrent.exe.2.dr Static PE information: section name: .opcandy
Source: utt35EC.tmp.zip.2.dr Static PE information: section name: .payload
Source: utt35EC.tmp.zip.2.dr Static PE information: section name: .opcandy
Source: utt40AA.tmp.zip.4.dr Static PE information: section name: .payload
Source: utt40AA.tmp.zip.4.dr Static PE information: section name: .opcandy
Source: utt6F6B.tmp.zip.4.dr Static PE information: section name: .payload
Source: utt6F6B.tmp.zip.4.dr Static PE information: section name: .opcandy
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_004E3930 push eax; ret 0_2_004E395E
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_004013EF push ecx; ret 0_2_004013FF
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 2_2_004E3930 push eax; ret 2_2_004E395E
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_004E3930 push eax; ret 4_2_004E395E
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_004013EF push ecx; ret 4_2_004013FF
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Users\user\AppData\Local\Temp\utt35EC.tmp.zip
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Users\user\AppData\Local\Temp\utt267C.tmp.zip
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent.lnk
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BitTorrent
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0042C2E5 IsIconic,GetModuleFileNameW,SetErrorMode,0_2_0042C2E5
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0046F337 0_2_0046F337
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 2_2_0046F337 2_2_0046F337
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_0046F337 4_2_0046F337
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 8_2_0046F337 8_2_0046F337
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 9_2_0046F337 9_2_0046F337
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_00485CB7 Sleep,ExitProcess,4_2_00485CB7
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\uttE3C4.tmp
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-18095
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Evasive API call chain: GetSystemTime,DecisionNodes graph_0-19638
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Evasive API call chain: RegOpenKey,DecisionNodes,Sleep graph_0-18330
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Evasive API call chain: RegOpenKey,DecisionNodes,Sleep graph_8-950
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe File Volume queried: C:\Users\user\AppData\Roaming\BitTorrent\Cache FullSizeInformation
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0046FA5E FindFirstFileW,FindClose,0_2_0046FA5E
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_00470087 FindFirstFileW,FindNextFileW,FindClose,4_2_00470087
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_0046FA5E FindFirstFileW,FindClose,4_2_0046FA5E
Source: BitTorrent.exe, 00000004.00000003.1887180836.0000000003DB1000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000002.2880314584.0000000003DB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWosw
Source: BitTorrent-7.6.exe, 00000000.00000003.2490014748.00000000011E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: BitTorrent-7.6.exe, 00000000.00000003.2487305505.00000000011C5000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000003.2490098428.00000000011C5000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000002.2503755577.00000000011C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWS
Source: BitTorrent-7.6.exe, 00000000.00000003.2487305505.00000000011C5000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000002.2503248340.0000000001140000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000003.2490098428.00000000011C5000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000002.2503755577.00000000011C5000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000003.2490167650.000000000113F000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862697461.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862697461.0000000000F71000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000002.2879664016.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000002.2879951727.0000000001045000.00000004.00000001.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.2170705484.0000000001045000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: BitTorrent-7.6.exe, 00000000.00000003.2490014748.00000000011E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: BitTorrent-7.6.exe, 00000002.00000002.1862697461.0000000000F71000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWF
Source: BitTorrent.exe, 00000008.00000002.1999769551.0000000001118000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: BitTorrent.exe, 00000009.00000002.2079189285.0000000000F68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe API call chain: ExitProcess graph end node graph_4-21931
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Debugger detection routine: GetTickCount, GetTickCount, DecisionNodes, ExitProcess or Sleep graph_0-18244
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_00466AA1 LoadLibraryA,GetProcAddress,GetLastError,0_2_00466AA1
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_004A12C8 keybd_event,keybd_event,keybd_event,0_2_004A12C8
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Process created: C:\Users\user\Desktop\BitTorrent-7.6.exe "C:\Users\user\Desktop\BitTorrent-7.6.exe" /PERFORMINSTALL 30207 "C:\Program Files (x86)\BitTorrent" 1707618228
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_004A10D5 GetLocalTime,0_2_004A10D5
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0043CB3D GetVersionExW,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_0043CB3D
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\Desktop\BitTorrent-7.6.exe Code function: 0_2_0046BDED bind,0_2_0046BDED
Source: C:\Program Files (x86)\BitTorrent\BitTorrent.exe Code function: 4_2_0046BDED bind,4_2_0046BDED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scripting | 11 Process Injection | 12 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Native API | 11 Registry Run Keys / Startup Folder | 11 Registry Run Keys / Startup Folder | 11 Virtualization/Sandbox Evasion | LSASS Memory | 421 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | 16 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph: ID 1430082, Sample: BitTorrent-7.6.exe, Startdate: 23/04/2024, Architecture: WINDOWS, Score: 42]

Source | Detection | Scanner | Label | Link
BitTorrent-7.6.exe | 24% | Virustotal | | Browse
BitTorrent-7.6.exe | 30% | ReversingLabs | Win32.PUA.Generic |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\uttE3C4.tmp | 100% | Avira | PUA/OpenCandy.Gen |
C:\Users\user\AppData\Local\Temp\uttE3C4.tmp | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\BitTorrent\BitTorrent.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\BitTorrent\BitTorrent.exe | 23% | ReversingLabs | |
C:\Program Files (x86)\BitTorrent\BitTorrent.exe | 28% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\utt267C.tmp.zip | 30% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Temp\utt267C.tmp.zip | 24% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\utt35EC.tmp.zip | 30% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Temp\utt35EC.tmp.zip | 24% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip | 23% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\utt40AA.tmp.zip | 28% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip | 23% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\utt6F6B.tmp.zip | 28% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\uttE3C4.tmp | 59% | ReversingLabs | Win32.Adware.OpenCandy |
C:\Users\user\AppData\Local\Temp\uttE3C4.tmp | 58% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://stats.opencandy.com/&debug=&k=&partner_key=&v=OCVBValidateFFRXFWCHECKASCHECKAVCHECKCMPFCRESRC | 0% | Virustotal |
http://opencandy.com | 1% | Virustotal |
http://tracker.publicbt.com:80/announce | 1% | Virustotal |
http://api.opencandy.com | 3% | Virustotal |
http://www.opencandy.com/successful-integration/. | 1% | Virustotal |
http://sdk.opencandy.com/deverrorredirect.php?sdk=%s&err=%d | 3% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
router.bittorrent.com | 67.215.246.10 | true | false |  | high
d3uao53cqpzd42.cloudfront.net | 99.86.228.107 | true | false |  | high
update.utorrent.com | 67.215.246.203 | true | false |  | high
bittorrent-1.hs.llnwd.net | 208.111.131.209 | true | false |  | high
mininova.org | 188.166.49.116 | true | false |  | high
update.bittorrent.com | 173.254.195.58 | true | false |  | high
router.utorrent.com | 82.221.103.244 | true | false |  | high
apps.bittorrent.com | unknown | unknown | false |  | high
www.bittorrent.com | unknown | unknown | false |  | high
www.mininova.org | unknown | unknown | false |  | high

Name | Malicious | Antivirus Detection | Reputation
http://apps.bittorrent.com/utorrent-onboarding/welcome.btapp | false |  | high
http://apps.bittorrent.com/utorrent-onboarding/player.btapp | false |  | high
http://apps.bittorrent.com/utorrent-onboarding/plus-bt.btapp | false |  | high
http://www.mininova.org/favicon.ico | false |  | high

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                            high
                                                                                                                                                            http://www.utorrent.com/share/inclient/dhttp://www.utorrent.com/share/inclient/chttp://www.utorrent.BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://pr.apps.bittorrent.com/share/share.btappHBitTorrent.exe, 00000004.00000002.2879628422.0000000000F30000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.bitmedianetwork.comBitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://update.bittorrent.com/rrent-onboarding/player.btappBitTorrent-7.6.exe, 00000000.00000003.2487305505.0000000001164000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf?v=4.7.0BitTorrent.exe, 00000004.00000003.1913805695.0000000003168000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phpopen/AUTOUPDATEBitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                        low
                                                                                                                                                                        http://www.bittorrent.com.BitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://apps.bittorrent.com/utorrent-onboarding/player.btapp2xBitTorrent-7.6.exe, 00000000.00000002.2503755577.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000003.2487305505.00000000011BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://sdk.opencandy.com/deverrorredirect.php?sdk=%s&err=%dBitTorrent-7.6.exe, utt267C.tmp.zip.0.dr, uttE3C4.tmp.0.dr, BitTorrent.exe.2.dr, utt40AA.tmp.zip.4.dr, utt6F6B.tmp.zip.4.drfalseunknown
                                                                                                                                                                            http://remote.utorrent.com/send?btih=BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff?v=4.7.0BitTorrent.exe, 00000004.00000003.1913805695.0000000003168000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://apps.bittorrent.com/utorrent-onboarding/plus-bt.btapp$BitTorrent-7.6.exe, 00000000.00000002.2503755577.00000000011BD000.00000004.00000020.00020000.00000000.sdmp, BitTorrent-7.6.exe, 00000000.00000003.2487305505.00000000011BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://help.bittorrent.comBitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.bittorrent.com/social/bittorrent.pngBitTorrent.exe, 00000004.00000003.1913970069.000000000317A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://apps.bittorrent.com/utorrent-onboarding/player.btappsBitTorrent.exe, 00000004.00000003.1887180836.0000000003DB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://www.mininova.org/search/?cat=0&search=BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2079313093.0000000001818000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.poloniex.comBitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913908055.000000000318B000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://www.bittorrent.com?client=bittorrent7600BitTorrent-7.6.exe, 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent-7.6.exe, 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, BitTorrent.exe, 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.opencandy.com/successful-integration/.BitTorrent-7.6.exe, utt267C.tmp.zip.0.dr, uttE3C4.tmp.0.dr, BitTorrent.exe.2.dr, utt40AA.tmp.zip.4.dr, utt6F6B.tmp.zip.4.drfalseunknown
                                                                                                                                                                                              http://www.utorrent.com/faq#mlabsBitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://apps.bittorrent.com/utorrent-onboarding/plus-bt.btapp.BitTorrent.exe, 00000004.00000003.1887180836.0000000003DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://getbootstrap.com/)BitTorrent.exe, 00000004.00000002.2879985412.0000000003114000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.2170665852.0000000003120000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1930685179.0000000007F81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://update.bittorrent.com/installstats.php?v=247556090&h=LGrCdlzYZ6xdNXqD&w=23F00206&bu=0&pr=0&cmBitTorrent-7.6.exe, 00000000.00000002.2502854820.0000000000FB7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.bittorrent.com/tl/404.htmlBitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913970069.000000000317A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://update.bittorrent.com/MicrosoftBitTorrent-7.6.exe, 00000000.00000003.2487188333.00000000011FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://remote.utorrent.com/BitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.000000000052C000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.bittorrent.com/hi/404.htmlBitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913970069.000000000317A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://activate.utorrent.com/get_codecBitTorrent.exe, BitTorrent.exe, 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.binance.comBitTorrent.exe, 00000004.00000003.1913473583.0000000003134000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913805695.000000000317A000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913703169.0000000003179000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913540162.000000000314D000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913593131.0000000003165000.00000004.00000020.00020000.00000000.sdmp, BitTorrent.exe, 00000004.00000003.1913970069.000000000317A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                  67.188.191.48
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  7922COMCAST-7922USfalse
                                                                                                                                                                                                                  59.126.118.214
                                                                                                                                                                                                                  unknownTaiwan; Republic of China (ROC)
                                                                                                                                                                                                                  3462HINETDataCommunicationBusinessGroupTWfalse
                                                                                                                                                                                                                  49.207.207.143
                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                  24309CABLELITE-AS-APAtriaConvergenceTechnologiesPvtLtdBrofalse
                                                                                                                                                                                                                  177.222.36.147
                                                                                                                                                                                                                  unknownBolivia
                                                                                                                                                                                                                  52840AvaTelecomunicacoesLTDABRfalse
                                                                                                                                                                                                                  162.55.243.114
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  35893ACPCAfalse
                                                                                                                                                                                                                  220.87.123.13
                                                                                                                                                                                                                  unknownKorea Republic of
                                                                                                                                                                                                                  4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                                                                                                                  119.112.241.33
                                                                                                                                                                                                                  unknownChina
                                                                                                                                                                                                                  4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                                                                                                                                                                                  176.118.158.139
                                                                                                                                                                                                                  unknownBelarus
                                                                                                                                                                                                                  49711FLYNETBYfalse
                                                                                                                                                                                                                  190.53.249.253
                                                                                                                                                                                                                  unknownHonduras
                                                                                                                                                                                                                  20299NewcomLimitedGTfalse
                                                                                                                                                                                                                  82.221.103.244
                                                                                                                                                                                                                  router.utorrent.comIceland
                                                                                                                                                                                                                  50613THORDC-ASISfalse
                                                                                                                                                                                                                  223.146.196.186
                                                                                                                                                                                                                  unknownChina
                                                                                                                                                                                                                  4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                                                                                                                                                                                  95.8.96.167
                                                                                                                                                                                                                  unknownTurkey
                                                                                                                                                                                                                  9121TTNETTRfalse
                                                                                                                                                                                                                  200.115.244.198
                                                                                                                                                                                                                  unknownArgentina
                                                                                                                                                                                                                  27747TelecentroSAARfalse
                                                                                                                                                                                                                  181.57.122.71
                                                                                                                                                                                                                  unknownColombia
                                                                                                                                                                                                                  10620TelmexColombiaSACOfalse
                                                                                                                                                                                                                  223.78.80.48
                                                                                                                                                                                                                  unknownChina
                                                                                                                                                                                                                  24444CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompanyfalse
                                                                                                                                                                                                                  174.126.156.240
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  11492CABLEONEUSfalse
                                                                                                                                                                                                                  125.131.94.131
                                                                                                                                                                                                                  unknownKorea Republic of
                                                                                                                                                                                                                  4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                                                                                                                  95.25.120.227
                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                  3216SOVAM-ASRUfalse
                                                                                                                                                                                                                  182.221.141.232
                                                                                                                                                                                                                  unknownKorea Republic of
                                                                                                                                                                                                                  17858POWERVIS-AS-KRLGPOWERCOMMKRfalse
                                                                                                                                                                                                                  51.36.141.84
                                                                                                                                                                                                                  unknownUnited Kingdom
                                                                                                                                                                                                                  43766MTC-KSA-ASSAfalse
                                                                                                                                                                                                                  95.104.190.210
                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                  49816CMST-VOLGA-SIMBIRSKASRUfalse
                                                                                                                                                                                                                  71.174.226.33
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  701UUNETUSfalse
                                                                                                                                                                                                                  114.79.57.255
                                                                                                                                                                                                                  unknownIndonesia
                                                                                                                                                                                                                  18004WIRELESSNET-IDPTWIRELESSINDONESIAWINIDfalse
                                                                                                                                                                                                                  45.65.215.242
                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                  266525MAXTELECOMUNICACOESLTDA-MEBRfalse
                                                                                                                                                                                                                  118.116.96.24
                                                                                                                                                                                                                  unknownChina
                                                                                                                                                                                                                  139220CHINANET-SICHUAN-CHUANXI-IDCSichuanChuanxnIDCCNfalse
                                                                                                                                                                                                                  54.77.218.23
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  157.35.76.198
                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                  55836RELIANCEJIO-INRelianceJioInfocommLimitedINfalse
                                                                                                                                                                                                                  49.12.86.202
                                                                                                                                                                                                                  unknownGermany
                                                                                                                                                                                                                  24940HETZNER-ASDEfalse
                                                                                                                                                                                                                  177.105.244.238
                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                  262314MWFTELECOMBRfalse
                                                                                                                                                                                                                  184.56.71.32
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  10796TWC-10796-MIDWESTUSfalse
                                                                                                                                                                                                                  54.194.135.233
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  138.117.194.160
                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                  262316AtekyInternetEireliMeBRfalse
                                                                                                                                                                                                                  197.184.176.1
                                                                                                                                                                                                                  unknownSouth Africa
                                                                                                                                                                                                                  37105NEOLOGY-ASZAfalse
                                                                                                                                                                                                                  176.37.166.210
                                                                                                                                                                                                                  unknownUkraine
                                                                                                                                                                                                                  39608LANETUA-ASUAfalse
                                                                                                                                                                                                                  177.184.240.1
                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                  262877MIRAGENETTELECOMUNICACOESLTDABRfalse
                                                                                                                                                                                                                  14.161.253.143
                                                                                                                                                                                                                  unknownViet Nam
                                                                                                                                                                                                                  45899VNPT-AS-VNVNPTCorpVNfalse
                                                                                                                                                                                                                  5.8.228.246
                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                  21365INTELECA-ASRussiaBarnaulRUfalse
                                                                                                                                                                                                                  47.15.37.100
                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                  55836RELIANCEJIO-INRelianceJioInfocommLimitedINfalse
                                                                                                                                                                                                                  189.48.199.234
                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                  7738TelemarNorteLesteSABRfalse
                                                                                                                                                                                                                  185.215.167.200
                                                                                                                                                                                                                  unknownGermany
                                                                                                                                                                                                                  46261QUICKPACKETUSfalse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430082
Start date and time: 2024-04-23 05:39:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BitTorrent-7.6.exe
Detection: MAL
Classification: mal42.evad.winEXE@7/22@8/100
EGA Information:
                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.211.108
                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
04:40:41  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BitTorrent "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
04:40:49  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BitTorrent "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
05:40:39  API Interceptor  1x Sleep call for process: BitTorrent.exe modified
05:41:12  API Interceptor  70x Sleep call for process: BitTorrent-7.6.exe modified
                                                                                                                                                                                                                                              • 46.5.147.107
                                                                                                                                                                                                                                              jdsfl.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 80.219.184.157
                                                                                                                                                                                                                                              jdsfl.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 46.127.139.39
                                                                                                                                                                                                                                              lS9yzwGRef.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 94.114.47.120
                                                                                                                                                                                                                                              tajma.x86-20240422-0535.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                              • 109.255.181.193
                                                                                                                                                                                                                                              qHaDdrhGKL.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 83.64.51.94
                                                                                                                                                                                                                                              FE8sC55u4j.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 83.65.197.88
                                                                                                                                                                                                                                              w2wnAQTd6O.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 95.158.119.64
                                                                                                                                                                                                                                              Y98pGn3FUt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 80.219.136.200
                                                                                                                                                                                                                                              Q2bIN963Kt.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                              • 46.252.137.235
                                                                                                                                                                                                                                              OPTAGEOPTAGEIncJPZOHH8muwjh.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 180.146.137.162
                                                                                                                                                                                                                                              hYN45tzxwl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 58.189.208.100
                                                                                                                                                                                                                                              aga94GHd1L.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 121.86.77.34
                                                                                                                                                                                                                                              0FnrrE8B6Y.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 182.166.147.164
                                                                                                                                                                                                                                              D3qL35jbpG.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 119.230.50.24
                                                                                                                                                                                                                                              2xPVyj2lU8.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 58.191.75.23
                                                                                                                                                                                                                                              fK5W9PpT6b.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 60.57.202.190
                                                                                                                                                                                                                                              ToUXp7NTcb.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 180.145.195.190
                                                                                                                                                                                                                                              w17yCE18dz.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 59.190.89.100
                                                                                                                                                                                                                                              7m7X62tiZr.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 202.60.46.236
                                                                                                                                                                                                                                              COGECOWAVECA0ZL4A1ojq4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.55.193.121
                                                                                                                                                                                                                                              I72po0MZQY.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 72.38.18.80
                                                                                                                                                                                                                                              2xPVyj2lU8.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 72.38.43.76
                                                                                                                                                                                                                                              o2mV9s50D5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.57.78.157
                                                                                                                                                                                                                                              5lrOsR7kdX.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.226.21.27
                                                                                                                                                                                                                                              2AJt0uG0mS.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.150.2.245
                                                                                                                                                                                                                                              DqbYZ8Ns4k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.55.233.217
                                                                                                                                                                                                                                              wa3HVGbhyX.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 24.55.193.117
                                                                                                                                                                                                                                              93K8VI44kt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 67.193.27.96
                                                                                                                                                                                                                                              57MarRRXFN.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 72.39.155.26
                                                                                                                                                                                                                                              ROSTELECOM-ASRUjdsfl.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 176.50.124.141
                                                                                                                                                                                                                                              lS9yzwGRef.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 37.21.254.89
                                                                                                                                                                                                                                              tajma.arm7-20240422-0539.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                              • 83.171.119.82
                                                                                                                                                                                                                                              ATNSgLSNbG.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                              • 212.57.149.168
                                                                                                                                                                                                                                              b3astmode.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 94.50.19.92
                                                                                                                                                                                                                                              b3astmode.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 5.137.161.25
                                                                                                                                                                                                                                              qHaDdrhGKL.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 31.162.19.210
                                                                                                                                                                                                                                              file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                                                                              • 109.168.235.213
                                                                                                                                                                                                                                              BzmhHwFpCV.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                              • 178.67.175.22
                                                                                                                                                                                                                                              dPFRrhKTeG.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 92.124.86.68
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              doc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                              • 99.86.228.107
                                                                                                                                                                                                                                              Alumium.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                              • 99.86.228.107
                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):6053744
                                                                                                                                                                                                                                              Entropy (8bit):7.944122473060144
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:TtaqNPrd5FZ1QYQPvGieAbw56NxtWLoRS8NQXfIC0vosGLYJpb9FTWzzLWeHaI:T/NPfTSr3GieAw61BQhPz0WLsNqzJx
                                                                                                                                                                                                                                              MD5:3185EE10379B592B64AD9BC098C9309C
                                                                                                                                                                                                                                              SHA1:007AC354F0E509A8A4E6111724EF1E5DFD300A85
                                                                                                                                                                                                                                              SHA-256:A9FD1194593A943A9E93BF7D273375E4237747062BBBEE3B6FCD4759ED67C86C
                                                                                                                                                                                                                                              SHA-512:B71859E32D36D65EF436B20700D166F10F7ABEE009BEE71280D287F3CAA7F2733B3F5389F36CBA35529BE583BFC25C432F700AD21E6D81F4FAADCCD499321858
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 23%
                                                                                                                                                                                                                                              • Antivirus: Virustotal, Detection: 28%
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 23 02:40:36 2024, mtime=Tue Apr 23 02:40:36 2024, atime=Tue Apr 23 02:40:36 2024, length=6053744, window=hide
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1042
                                                                                                                                                                                                                                              Entropy (8bit):4.680197951767111
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:8PyEM+dOEsdddewCyAeWXafdMoUUAnqyFm:8PlM+dOpj6XXafdM9oyF
                                                                                                                                                                                                                                              MD5:F15DA7C02FFB6F866B169160416A3C65
                                                                                                                                                                                                                                              SHA1:98AA718901C7525E7F4B67CBBFAE6109440AE80A
                                                                                                                                                                                                                                              SHA-256:5F03819C353834F13CF624DA1561A6625EB65E6E4EF2D9E9C67BBB724830574B
                                                                                                                                                                                                                                              SHA-512:8714A3DA7B9B88DE17DE2108EF441C1B2DECEBFEF5ABEC999B4F481F32D864E41F3ADF68537EC5DCE827826C08D91EB79D987396D6021C1ED51A6E626808BC52
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 23 02:40:36 2024, mtime=Tue Apr 23 02:40:36 2024, atime=Tue Apr 23 02:40:36 2024, length=6053744, window=hide
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1036
                                                                                                                                                                                                                                              Entropy (8bit):4.692460876208324
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:8uv+EAudOEsdddjwCyAeWXa0dMoUUAnqyFm:8KxAudOpjRXXa0dM9oyF
                                                                                                                                                                                                                                              MD5:83C7DF5B6B18230529F2C68547D65E40
                                                                                                                                                                                                                                              SHA1:6E0C7670920DC07514BF91B4EE1639062E0C0F40
                                                                                                                                                                                                                                              SHA-256:329CAECFF0E132D09566F6D5139193BB415BB85D51655F3F4617C09E3AFCD500
                                                                                                                                                                                                                                              SHA-512:0B9D6CD140748D3D7ACBBE8D2405D99F8C504F1C25EFB6FB231869945829834B8AF6460C8976201DA3D7D91852B43C43BB7109A13B86ADCD51C1E45629A698A9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):6053744
                                                                                                                                                                                                                                              Entropy (8bit):7.944122850469794
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:HtaqNPrd5FZ1QYQPvGieAbw56NxtWLoRS8NQXfIC0vosGLYJpb9FTWzzLWeHaI:H/NPfTSr3GieAw61BQhPz0WLsNqzJx
                                                                                                                                                                                                                                              MD5:DED1F11C105F1EF534E1D3F08D192127
                                                                                                                                                                                                                                              SHA1:3186B98376BDE648824B7E36D14070184DE69CD2
                                                                                                                                                                                                                                              SHA-256:F778566A62B26AE58D564E9E473531A055B936FA90D068FC03E1867B598F30B8
                                                                                                                                                                                                                                              SHA-512:DD6638F7E15EB15A0914CBE7A1CD253FD4D19E2A99205EBF4BB2261E20BDFA534C75B882524902A044A300E808BFEF3CF4ADF771E5A5355E62821090523DB8D9
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                                              • Antivirus: Virustotal, Detection: 24%
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):6053744
                                                                                                                                                                                                                                              Entropy (8bit):7.944122473060144
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:TtaqNPrd5FZ1QYQPvGieAbw56NxtWLoRS8NQXfIC0vosGLYJpb9FTWzzLWeHaI:T/NPfTSr3GieAw61BQhPz0WLsNqzJx
                                                                                                                                                                                                                                              MD5:3185EE10379B592B64AD9BC098C9309C
                                                                                                                                                                                                                                              SHA1:007AC354F0E509A8A4E6111724EF1E5DFD300A85
                                                                                                                                                                                                                                              SHA-256:A9FD1194593A943A9E93BF7D273375E4237747062BBBEE3B6FCD4759ED67C86C
                                                                                                                                                                                                                                              SHA-512:B71859E32D36D65EF436B20700D166F10F7ABEE009BEE71280D287F3CAA7F2733B3F5389F36CBA35529BE583BFC25C432F700AD21E6D81F4FAADCCD499321858
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 23%
                                                                                                                                                                                                                                              • Antivirus: Virustotal, Detection: 28%
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Preview:MZ......................@...............................................................................................................................................................................................................................................................PE..L...j..N.................`...p.......<.......P....@..........................Po...........@...-................................0....P...`...........J\.p...........................................................................................UPX0....................................UPX1.....`.......X..................@....rsrc....p...P...f...\..............@....payload..F.......F......................opcandy......c.......P.................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):768512
                                                                                                                                                                                                                                              Entropy (8bit):6.655187116608233
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:OFXFW8B4c+zFzNBLMALXuepJHYGcveHJUfj5PCTe1CgYA1VyO:O9FTWzFzNBLMALXH2eHJUfFqTe1Cgc
                                                                                                                                                                                                                                              MD5:A0700C700A35E5C9F48095C58505CDB2
                                                                                                                                                                                                                                              SHA1:6907C38BCF588EDB69417ECB819D0BCA1C204B18
                                                                                                                                                                                                                                              SHA-256:B3170B17986DCD7BCA25245CDEB257C5FCBFF3E03EC15EF412551C7C45B5EDB7
                                                                                                                                                                                                                                              SHA-512:DDCE7F7912FE2E9219DA003D476815849C65D415580851C064AAF4CCCF1E19519767B8D941041E85B74EA8D1A9DF6784112AFDAAEBB0BE3CD57C1B883FE67DB5
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                                                                                                                                              • Antivirus: Virustotal, Detection: 58%
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'..ht..ht..ht...t..ht...t..ht...t..ht...t..ht].zt..ht...t..ht...t..ht..it..ht...t..ht...t..ht...t..ht...t..htRich..ht........PE..L.....mM...........!................................................................8.....@.........................pq.......T..@.......................H....p..Xc......................................................l............................text...\........................... ..`.rdata..Fx.......z..................@..@.data...(N.......$...j..............@....rsrc...............................@..@.reloc..ny...p...z...(..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):165
                                                                                                                                                                                                                                              Entropy (8bit):4.807969747848621
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:GQOT+n8LDP6gPShjxkBBh3AMj8AtI5YRfE9KeuA8wBgSPdvxjA:Gxl/P6gPWqN/4z8f8MyldA
                                                                                                                                                                                                                                              MD5:25FDC5531AA81773B91390DFB2AB7B48
                                                                                                                                                                                                                                              SHA1:A688F604711D6743511F46AD02488295C3A8BD3C
                                                                                                                                                                                                                                              SHA-256:CB492DAF663F308300D324FC16357E9054070FA2218EA7099527E4669C3DE6E6
                                                                                                                                                                                                                                              SHA-512:C81782353F96BE9195E87756923DEC4C8E32C74E5B5A6D8FC237816871879B1ECC26D49774E7F91563908DCF6CE81C582BC45F781321AC0E8DB46C894B87D402
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Preview:d10:.fileguard40:F717356681916DEF00413DB7D86D53DB166BEB4816:secondary_offersl2:oce2:oci1e3:adki1e8:offer_id5:empty13:toolbar_counti0e4:ctid0:2:tsi1713843616e1:c2:roe
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:Mini DuMP crash report, 12 streams, Tue Apr 23 03:42:24 2024, 0x200050 type
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):104384
                                                                                                                                                                                                                                              Entropy (8bit):3.1223633877469616
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:TkOMUVUYncXKCHQ9pmPuWA0KuQ84EI4EaK+/5W0l6bA2aCl10igaqQZidrbrPDLo:xVUYDmQuTsnkdDI
                                                                                                                                                                                                                                              MD5:A5F4A52624B787FF1FCC7A404786E1FA
                                                                                                                                                                                                                                              SHA1:E522E8650CB482EC2F1955639A9E9B85112E76D1
                                                                                                                                                                                                                                              SHA-256:7665CE33926C22FDA29C06009B6851C369304C1BD78DE83B6B44E1B2EF089CF7
                                                                                                                                                                                                                                              SHA-512:324872570169D987132E5275AB3923DCA64644AFA2ACC71E51E32A3B2DF253F4C4C2E84CF1A44094DB960791D8FDB9EF4A8C6D25BFB45F0DEB4AE1765C054E58
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Preview:MDMP..a..... ....... .'fP. .........4...............$............,..........<.......8...........T...............................................................................................eJ......l.......GenuineIntel........H.!.T.......l....-'f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...
                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):318
                                                                                                                                                                                                                                              Entropy (8bit):3.8235838650784046
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6:k5gif5iQDJHlAkGMkNNjkNNjkmX3NiickNNjkNNjkNNjRh:k5vQQ1uMWtWtJtiPWtWtWt
                                                                                                                                                                                                                                              MD5:F5890D1D21161B7B871F16503A6C206A
                                                                                                                                                                                                                                              SHA1:35625B6B7132A0DC86F0B27E491B251E0D29AB5C
                                                                                                                                                                                                                                              SHA-256:3706AA2CA9BA41F8447F78652F5376633079280934CD84146906B3CF8FBDF4EA
                                                                                                                                                                                                                                              SHA-512:F5F5083D07250C7C054CDAFB32B383CC689A514460E9F0766C3B78DF7251BE15FA6341D31CE139564FD73C7398E1735D5CB5B080F0AF27B6A1D7CF2FD3B06557
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):6040
                                                                                                                                                                                                                                              Entropy (8bit):5.7023251950229685
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:q3vlfqjiT09JLGqxuntKoFf0jrfmoVp49Xe50eYpyZK+VQV:q3tfqjiT09pSnt3mjrfm8i9EAeKn
                                                                                                                                                                                                                                              MD5:3AA83749B1BE777D9EBB4B972381CE1D
                                                                                                                                                                                                                                              SHA1:1A333AF9DD4B0789C25ED2AEFC7979BB2A946284
                                                                                                                                                                                                                                              SHA-256:6EC352E9130DFFA9A31B3413D98FD5C69B3E648F755E222643CDED84A18547C2
                                                                                                                                                                                                                                              SHA-512:0C368CCF9A283F7937974EFAFE1F612625577AA80DD0A9E01B5B638E28BD1DD351A6144519D3157B0116F690D892F791EC4F752F97382440AEFF81FEA665D9A8
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:d10:.fileguard40:BC312C2ED6EF692817E7509CEACB04A5352BF23C11:activations0:15:add_dialog_histle9:addprewnd8:........4:appsd7:applistlee4:asszi0e9:autostarti1e3:av28:........7:born_oni13358317214e11:boss_key_pw0:30:bt.no_connect_to_services_list23:25,80,110,443,6666,66678:channelsd11:channellistlee17:check_update_betai0e3:cid24:./.e,j.v\.g.]5z.....'..4:cids28:./.e,j.v\.g.]5z.....'...-'f7:ct_histle23:daily_dna_download_hist248:........................................................................................................................................................................................................................................................21:daily_dna_upload_hist248:........................................................................................................................................................................................................................................................19:daily_download_hist248:.....................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 64
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1508
                                                                                                                                                                                                                                              Entropy (8bit):7.367189123031105
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:yyXyOpE88+B7UM3AErYw/wHjv1SlCehUI79r4rtOotvjAjMp+Ln9K7fPx96G08eI:yyXy/eB7UMFY9Hb1SldhU2nGvqLn9Ex1
                                                                                                                                                                                                                                              MD5:C5C4AD15328D4D8BFD2186228225A624
                                                                                                                                                                                                                                              SHA1:D3AC471A93BA46B67A56C485674EBB2B1C518234
                                                                                                                                                                                                                                              SHA-256:CBF5DCD908E959B78C25E03076ECAC167BD4C2A31DF6311357267F7D8A632EAA
                                                                                                                                                                                                                                              SHA-512:8793C27345DF24B830A9BDEF7004AD1B908395628D73888E880BEF48CE8F1F1B8308FF8FED7E077B3D3AC45A2ECE663966B4C7A2016740C9AA5CD5A0F9F7BF91
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:........@...............................C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent.....................RSA1................U.]....W;.Y.-....n.Kv...i.=..'xt...l..5...6s.-.....P....K^..3..8) ...g.S.^@N.TS...nY..pwM.r....."....y-....J-.I.~...k~.BTY......................z..O........d.nQpK...........,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ....&..W.g......AM.1..<b.......J............. .....I+T.< ,_/.8.6v.e.@.=.P....D.......!...\tnaG.Q.(0...*.{....."I..|..nn[j..lqo.oT.l..u.O..|...o.`.Hr..' .H..@Q.....-....<J.../....{.$.z"?>..B..V....'gTe..D........N...Nq.Hs..........qG...7@..}v....gf.>;;.K....A~.U..v>.$c]9f.....4...-~......xP.Y.SH>+x..........Z.....p...B..mO@...=..!.BV8\....J...D.;M.-.....}x...Sb...U.y......r..@(.:...[.V....G.-.....!TS"..~j...sZ.._.M.t.NVy......Whg3..M;U...Y..dV5(..........6gCE[..1...Z..K9..r...1!B...fA..h..,.z...e....r.>...?.2F.....8G.<.L.$...V.K.1.v"v....!..o.....5.&.......DX....4 1......*K#^B.O4?..>.....%-..
                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 39
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1483
                                                                                                                                                                                                                                              Entropy (8bit):7.355418215013062
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:HIUkXyOpE88+B7UWJEXRwE2+4dBIve73++EFfddAduLVuW+0+sRdtgr7:HITXy/eB7U4WRwm4dBma3++aAdQV80fC
                                                                                                                                                                                                                                              MD5:D08E47475D30325E61CB930058B233B7
                                                                                                                                                                                                                                              SHA1:FA1E1540E95DA01CF1F74F36A1487BF1BC5D7C0F
                                                                                                                                                                                                                                              SHA-256:4DB0AF06F8AE0C76A10C76C485DD74A919EC6A07DFFA34ABD22453C81DA56903
                                                                                                                                                                                                                                              SHA-512:ECA6948509D66070CDF58E4573762BD6BF88081A04FBFEEC0CC95DC92E73814075AB98732EE868D7B7C2C64BB6721C92363855441FD4C4FA924A4BC23D21A079
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:........'...............................{4703A7B3-A6F2-4E92-983B-D60933E07A27}.....................RSA1................U.]....W;.Y.-....n.Kv...i.=..'xt...l..5...6s.-.....P....K^..3..8) ...g.S.^@N.TS...nY..pwM.r....."....y-....J-.I.~...k~.BTY......................z..O........d.nQpK...........,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ......).s.a.1i....UN.....@..1U5............... .....R..D.C.......E...n...3......TO....))...._.9....W..7.P_..-....%&...T..Z..^,....].6.G...C.....a.H...._."w8....HALR.&.}.Z./.hW}p/.Hq..K..T...]...3W.J..0.)..c...+. ...vy.".)...N.I..P.pUDO>.....j.V...6R..v.o.k8z.c...J..F#o....+...BQ..cA...&...a.Q..<5....._(h....63.\......./L.F...kjY..a.`"..r.....>....*.1.J.<.Jb#F.".>.?RU....q.v...W....Ql.....N;?.....r........g.O..So\.G....C3m...$..I.D..rv.u4&....$.#..qs[.C.1b9...a..S.i...;..Q.\..)........5..O..1k.x....Uv...Ka.7..A8.d.......fD(.W..pmm......_..D.oY92.q.L...)..!....!..a..].y..F.z;.gi..=.u5.../E..uL..%.....CrH.`.&.
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 39
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1483
                                                                                                                                                                                                                                              Entropy (8bit):7.36679197359931
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:HyoXyOpE88+B7Uz3nh8jW4jaVC1tfkdj5DsCzde+m2bAJ/SFoe7Gu2ltRxA7:HyoXy/eB7UzXh2IGUj5wCzM+m2aqF/Nx
                                                                                                                                                                                                                                              MD5:AEFE7598BF4FF5F02F4D25958956327B
                                                                                                                                                                                                                                              SHA1:3B8CDDFC4D1AA7A6ED42585EA81C4DA9827047B0
                                                                                                                                                                                                                                              SHA-256:C573367001F9E24514AED6F7CB9956F2524E68EC162B042F5DE1D2DBE3CB38A0
                                                                                                                                                                                                                                              SHA-512:D622BE12331D364100CCD40BE479A6572095CED725E0A1A63157FD7BF6267D3779F01B80F8D5134D52D986A78300B6021BB26595FEEBD9C2D33BE580C5785D96
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:........'...............................{0B3F0809-9EF2-43D6-9B65-65372B888CC6}.....................RSA1................U.]....W;.Y.-....n.Kv...i.=..'xt...l..5...6s.-.....P....K^..3..8) ...g.S.^@N.TS...nY..pwM.r....."....y-....J-.I.~...k~.BTY......................z..O........d.nQpK...........,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ........tV$9l.x...A..>....a*].u..V............ ............-L...<...1.....i..h..8....Q#U.3.u.?fe_..XD....g.qv....8Vr.....e.9.../z..l........#.7..03.sUd&6.E..^*...m...\aUU../..E...?.FC.dp..x..8u.y0.qs..P..6....%.S.!M{4.N..pQ.o.QJ.`..U.V.!..............Z+.x..Q5...j&%.........".k..i+....l.|Y!.h.2<..=|#2.<.J...@..u%Mw......S..z. ......_.....g.5.[<......:....4.....s..2A(1...N..\pA".......;......Ay.N.w.m|......(..].(..VjZ....O.x...@~(......zp[Y....s..%..7....X..1..dO.....x<<3q.=w...C9?.O.a.E.P.=..Wg..Qe..(O.'`-I...3...0.I/..y.C.kI...>...w..*!....LH)PK.3h.&n......c..b(..-....G......:<......!'K...>..@(.\......V..'
                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 39
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1483
                                                                                                                                                                                                                                              Entropy (8bit):7.349461603780676
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:H4fvXyOpE88+B7Uj6cL+lTlyWdsrtI7qDOZIUWW6LuvVhMdP1U3unCy9x+PJ:H4fvXy/eB7UulTAWdsr+miZdWWiuvgDU
                                                                                                                                                                                                                                              MD5:24A0F90515BA90A7EEF474BF1837F577
                                                                                                                                                                                                                                              SHA1:C503A647148EA6E8B3A0A103C070607A085B1869
                                                                                                                                                                                                                                              SHA-256:5A8887DC023C8E32051AE019E89A79C921415DB721D52D2506B96F593F3FC0A9
                                                                                                                                                                                                                                              SHA-512:3CDF825822FC3476846715A4385400FA6C7410BAE0514A8AC467FE18FB997E22DEC08C7138C28CA7CA6556C776D42E4194EAAAB5DAB8FEA6DE9F4D9CF7E2D90C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):46
                                                                                                                                                                                                                                              Entropy (8bit):1.0424600748477153
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:/lbq:4
                                                                                                                                                                                                                                              MD5:8CB7B7F28464C3FCBAE8A10C46204572
                                                                                                                                                                                                                                              SHA1:767FE80969EC2E67F54CC1B6D383C76E7859E2DE
                                                                                                                                                                                                                                              SHA-256:ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
                                                                                                                                                                                                                                              SHA-512:9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:........................................user.
                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 39
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1483
                                                                                                                                                                                                                                              Entropy (8bit):7.337955714283277
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:Hq95XyOpE88+B7UfYgOxncl6CfR4ZeVjw5t4Vyx9o7HXDsBfvFWy6KcKhtYkSh:HqnXy/eB7UfYTcl6U2IVjS2VGM3DsBfa
                                                                                                                                                                                                                                              MD5:CFF7353EBA216B00688F9975FE0B18C6
                                                                                                                                                                                                                                              SHA1:7D3E53412E9D5B75AE647A859294AEA79A6CB759
                                                                                                                                                                                                                                              SHA-256:AA9123FED12E048AFC4FE7BF69012C493B4862184A0D02188473E753AC6CEBE2
                                                                                                                                                                                                                                              SHA-512:FEB16A57DFF6ABA914D5A7DB8D9B61411A1B54EEE342B7DF48218DE0FD70EF65A33253FF48378A297688EF9616C35BF6264C7CA09151EC8DCFD401A13A7984EC
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 23 02:40:36 2024, mtime=Tue Apr 23 02:40:36 2024, atime=Tue Apr 23 02:40:36 2024, length=6053744, window=hide
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1060
                                                                                                                                                                                                                                              Entropy (8bit):4.667128029865992
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:8YPW+EAudOEsdddjwCyAeWXaAdMoUUAnqyFm:8dxAudOpjRXXaAdM9oyF
                                                                                                                                                                                                                                              MD5:A8773EFF471F3A1ED266814D7084AAE8
                                                                                                                                                                                                                                              SHA1:81F9E1D2669D179CD8B62BDAE2B42870D05EED0C
                                                                                                                                                                                                                                              SHA-256:3E697AAABA3A8E4837D961345D2331D80BD46FCAEA6F2A7379A26C1127744A61
                                                                                                                                                                                                                                              SHA-512:95EEBB9E6EFD394983BB8D4EC5CA61877B90ADE3B40A4250D0E602F0E809718DEF1C38330D3C0CC1599E37125A9E070D18EEA91F12183FE30D389AD1504F8C18
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                              Entropy (8bit):7.944122850469794
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 98.37%
                                                                                                                                                                                                                                              • Windows ActiveX control (116523/4) 1.15%
                                                                                                                                                                                                                                              • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                                              • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                              File name:BitTorrent-7.6.exe
                                                                                                                                                                                                                                              File size:6'053'744 bytes
                                                                                                                                                                                                                                              MD5:ded1f11c105f1ef534e1d3f08d192127
                                                                                                                                                                                                                                              SHA1:3186b98376bde648824b7e36d14070184de69cd2
                                                                                                                                                                                                                                              SHA256:f778566a62b26ae58d564e9e473531a055b936fa90d068fc03e1867b598f30b8
                                                                                                                                                                                                                                              SHA512:dd6638f7e15eb15a0914cbe7a1cd253fd4d19e2a99205ebf4bb2261e20bdfa534c75b882524902a044a300e808bfef3cf4adf771e5a5355e62821090523db8d9
                                                                                                                                                                                                                                              SSDEEP:98304:HtaqNPrd5FZ1QYQPvGieAbw56NxtWLoRS8NQXfIC0vosGLYJpb9FTWzzLWeHaI:H/NPfTSr3GieAw61BQhPz0WLsNqzJx
                                                                                                                                                                                                                                              TLSH:4F56225277E0D031F1BE1270EA3A977558B9FD30AD34A64B67847A1D1E30A81EB347A3
                                                                                                                                                                                                                                              File Content Preview:MZ......................@......................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Icon Hash:0739716c4e7c390f
                                                                                                                                                                                                                                              Entrypoint:0x5c3c00
                                                                                                                                                                                                                                              Entrypoint Section:UPX1
                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0x4EEA8D6A [Fri Dec 16 00:14:34 2011 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:c3489e9d4c644aaeddd8ac3921c5f8ab
                                                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                                                              Signature Issuer:CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                              Error Number:0
Not Before:21/06/2010 01:00:00
Not After:27/07/2013 00:59:59
                                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                              • CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US
                                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                                              Thumbprint MD5:4A2AD1F358F2CC92E9365EEA9D7E827E
                                                                                                                                                                                                                                              Thumbprint SHA-1:1D132064BA317AC022DF309CCC750DA6E6A7A144
                                                                                                                                                                                                                                              Thumbprint SHA-256:2A5B779C89DE4A7F2A8F07153A699EF37EC6D057022F6F279AD5DB415511F2F3
                                                                                                                                                                                                                                              Serial:36BC30562A650AFAA5AD101ECD643AB4
Instruction
pushad
mov esi, 0052F000h
lea edi, dword ptr [esi-0012E000h]
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00030E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007F882927034Dh
inc esi
inc esi
push ebx
push 001C1303h
push edi
add ebx, 04h
push ebx
push 00094BFDh
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00040007h
nop
nop
nop
nop
nop
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+54h], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1cb0d8 | 0x330 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c5000 | 0x60d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5c4a00 | 0x1570 | .payload
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x12e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x12f000 | 0x96000 | 0x95800 | 279ebe6f52eb5e4952de351107f526ff | False | 0.9984437055811036 | data | 7.999536015497686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1c5000 | 0x7000 | 0x6600 | 2b7aa81af835116bae8c5865d1e0678b | False | 0.21415441176470587 | data | 3.9409539528543576 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.payload | 0x1cc000 | 0x46d000 | 0x46ce00 | 6742593db9b94db815b3ffa55da21ef8 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_SHARED
.opcandy | 0x639000 | 0xbc000 | 0xbba00 | a0700c700a35e5c9f48095c58505cdb2 | False | 0.50553276982012 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 6.655187116608237 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_SHARED
                                                                                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                              RT_BITMAP0x1a9db80x4228dataSwedishSweden1.0009447331128956
                                                                                                                                                                                                                                              RT_BITMAP0x1adfe00x82adataSwedishSweden1.0052631578947369
                                                                                                                                                                                                                                              RT_ICON0x169de00x10a8dataEnglishUnited States1.002579737335835
                                                                                                                                                                                                                                              RT_ICON0x16aea00x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                                                                                              RT_ICON0x16b7600x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x16dd200x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1702e00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1728a00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x174e600x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1774200x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1799e00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x17bfa00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x17e5600x10a8dataEnglishUnited States1.002579737335835
                                                                                                                                                                                                                                              RT_ICON0x17f6200x4768dataEnglishUnited States1.000875273522976
                                                                                                                                                                                                                                              RT_ICON0x183da00x468dataEnglishUnited States1.0097517730496455
                                                                                                                                                                                                                                              RT_ICON0x1842080x10a8dataEnglishUnited States1.002579737335835
                                                                                                                                                                                                                                              RT_ICON0x1852b00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1878880x4768dataEnglishUnited States1.000875273522976
                                                                                                                                                                                                                                              RT_ICON0x18c0080x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                                                                                              RT_ICON0x18c8c80x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                                                                                              RT_ICON0x18d1880x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                                                                                              RT_ICON0x18da480x5e8dataEnglishUnited States1.0072751322751323
                                                                                                                                                                                                                                              RT_ICON0x18e0480x8d68dataEnglishUnited States1.0005801104972376
                                                                                                                                                                                                                                              RT_ICON0x196dc80x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1993880x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                                                                                              RT_ICON0x1c6de40x468Device independent bitmap graphic, 16 x 32 x 32, image size 0SwedishSweden0.32358156028368795
                                                                                                                                                                                                                                              RT_ICON0x1c72500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0SwedishSweden0.174953095684803
                                                                                                                                                                                                                                              RT_ICON0x1c82fc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0SwedishSweden0.12334024896265561
RT_ICON | 0x19f430 | 0x8a8 | data | Swedish | Sweden | 1.0049638989169676
RT_ICON | 0x19fcf0 | 0x568 | data | Swedish | Sweden | 1.0079479768786128
RT_ICON | 0x1a0270 | 0x128 | data | Swedish | Sweden | 1.037162162162162
RT_ICON | 0x1a03b0 | 0x8a8 | data | Swedish | Sweden | 1.0049638989169676
RT_ICON | 0x1a0c70 | 0x8a8 | data | Swedish | Sweden | 1.0049638989169676
RT_ICON | 0x1a1530 | 0x468 | data | Swedish | Sweden | 1.0097517730496455
RT_ICON | 0x1a19b0 | 0x468 | data | Swedish | Sweden | 1.0097517730496455
RT_ICON | 0x1a1e30 | 0x468 | data | Swedish | Sweden | 1.0097517730496455
RT_DIALOG | 0x1a77d0 | 0xbc | data | Swedish | Sweden | 1.0585106382978724
RT_DIALOG | 0x1a3898 | 0x72 | data | Swedish | Sweden | 1.0964912280701755
RT_DIALOG | 0x1a3988 | 0x78 | data | Swedish | Sweden | 1.0916666666666666
RT_DIALOG | 0x1a3a00 | 0x78 | data | Swedish | Sweden | 1.0916666666666666
RT_DIALOG | 0x1a3a78 | 0x78 | data | Swedish | Sweden | 1.0916666666666666
RT_DIALOG | 0x1a3af0 | 0xe2 | data | Swedish | Sweden | 1.0486725663716814
RT_DIALOG | 0x1a3910 | 0x78 | data | Swedish | Sweden | 1.0916666666666666
RT_DIALOG | 0x1a3bd8 | 0x78 | data | Swedish | Sweden | 1.0916666666666666
RT_DIALOG | 0x1a3858 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a54d8 | 0xfc | data | Swedish | Sweden | 1.0436507936507937
RT_DIALOG | 0x1a55d8 | 0x35c | data | Swedish | Sweden | 1.0127906976744185
RT_DIALOG | 0x1a5938 | 0x360 | data | Swedish | Sweden | 1.0127314814814814
RT_DIALOG | 0x1a5f58 | 0x380 | data | Swedish | Sweden | 1.0122767857142858
RT_DIALOG | 0x1a67b8 | 0x240 | data | Swedish | Sweden | 1.0190972222222223
RT_DIALOG | 0x1a69f8 | 0x164 | data | Swedish | Sweden | 1.0308988764044944
RT_DIALOG | 0x1a5c98 | 0x2c0 | data | Swedish | Sweden | 1.015625
RT_DIALOG | 0x1a6dc0 | 0x158 | data | Swedish | Sweden | 1.0319767441860466
RT_DIALOG | 0x1a6f18 | 0x180 | data | Swedish | Sweden | 1.0286458333333333
RT_DIALOG | 0x1a2be0 | 0x80 | data | Swedish | Sweden | 1.0859375
RT_DIALOG | 0x1a3538 | 0x320 | data | Swedish | Sweden | 1.01375
RT_DIALOG | 0x1a4a00 | 0x100 | data | Swedish | Sweden | 1.04296875
RT_DIALOG | 0x1a4c90 | 0xc0 | data | Swedish | Sweden | 1.0572916666666667
RT_DIALOG | 0x1a44a8 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a4d50 | 0xbc | data | Swedish | Sweden | 1.0585106382978724
RT_DIALOG | 0x1a2e00 | 0x360 | data | Swedish | Sweden | 1.0127314814814814
RT_DIALOG | 0x1a7890 | 0x300 | data | Swedish | Sweden | 1.0143229166666667
RT_DIALOG | 0x1a7b90 | 0x140 | data | Swedish | Sweden | 1.034375
RT_DIALOG | 0x1a74b0 | 0x320 | data | Swedish | Sweden | 1.01375
RT_DIALOG | 0x1a6b60 | 0x260 | OpenPGP Public Key | Swedish | Sweden | 1.018092105263158
RT_DIALOG | 0x1a3c50 | 0x670 | data | Swedish | Sweden | 1.0066747572815533
RT_DIALOG | 0x1a7098 | 0x220 | data | Swedish | Sweden | 1.0202205882352942
RT_DIALOG | 0x1a7430 | 0x80 | data | Swedish | Sweden | 1.0859375
RT_DIALOG | 0x1a42c0 | 0x146 | data | Swedish | Sweden | 1.0337423312883436
RT_DIALOG | 0x1a7cd0 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a4b00 | 0x18c | data | Swedish | Sweden | 1.0277777777777777
RT_DIALOG | 0x1a4568 | 0x140 | data | Swedish | Sweden | 1.034375
RT_DIALOG | 0x1a51c8 | 0x98 | data | Swedish | Sweden | 1.0723684210526316
RT_DIALOG | 0x1a4e10 | 0x3b8 | data | Swedish | Sweden | 1.0115546218487395
RT_DIALOG | 0x1a2c60 | 0x1a0 | data | Swedish | Sweden | 1.0264423076923077
RT_DIALOG | 0x1a62d8 | 0x2c0 | data | Swedish | Sweden | 1.015625
RT_DIALOG | 0x1a6598 | 0x220 | data | Swedish | Sweden | 1.0202205882352942
RT_DIALOG | 0x1a72b8 | 0x174 | data | Swedish | Sweden | 1.0295698924731183
RT_DIALOG | 0x1a4508 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a2ac0 | 0x120 | OpenPGP Secret Key | Swedish | Sweden | 1.0381944444444444
RT_DIALOG | 0x1a4408 | 0xa0 | data | Swedish | Sweden | 1.06875
RT_DIALOG | 0x1a46a8 | 0x160 | data | Swedish | Sweden | 1.03125
RT_DIALOG | 0x1a7d30 | 0x2e0 | data | Swedish | Sweden | 1.014945652173913
RT_DIALOG | 0x1a8050 | 0x1f4 | data | Swedish | Sweden | 1.022
RT_DIALOG | 0x1a84e8 | 0x2b0 | data | Swedish | Sweden | 1.0159883720930232
RT_DIALOG | 0x1a8cf0 | 0x140 | data | Swedish | Sweden | 1.034375
RT_DIALOG | 0x1a2598 | 0x528 | data | Swedish | Sweden | 1.0083333333333333
RT_DIALOG | 0x1a8248 | 0xe0 | data | Swedish | Sweden | 1.0491071428571428
RT_DIALOG | 0x1a8798 | 0xc0 | data | Swedish | Sweden | 1.0572916666666667
RT_DIALOG | 0x1a8aa8 | 0x244 | OpenPGP Secret Key | Swedish | Sweden | 1.0189655172413794
RT_DIALOG | 0x1a8328 | 0xe0 | data | Swedish | Sweden | 1.0491071428571428
RT_DIALOG | 0x1a8408 | 0xe0 | data | Swedish | Sweden | 1.0491071428571428
RT_DIALOG | 0x1a4808 | 0xa0 | data | Swedish | Sweden | 1.06875
RT_DIALOG | 0x1a8858 | 0x250 | data | Swedish | Sweden | 1.0185810810810811
RT_DIALOG | 0x1a8e30 | 0xe0 | data | Swedish | Sweden | 1.0491071428571428
RT_DIALOG | 0x1a8f10 | 0x160 | data | Swedish | Sweden | 1.03125
RT_DIALOG | 0x1a91c8 | 0x120 | data | Swedish | Sweden | 1.0381944444444444
RT_DIALOG | 0x1a9110 | 0xb8 | data | Swedish | Sweden | 1.059782608695652
RT_DIALOG | 0x1a24e0 | 0xb8 | data | Swedish | Sweden | 1.059782608695652
RT_DIALOG | 0x1a9518 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a9578 | 0x80 | data | Swedish | Sweden | 1.0859375
RT_DIALOG | 0x1a9658 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a9698 | 0x178 | data | Swedish | Sweden | 1.0292553191489362
RT_DIALOG | 0x1a2440 | 0xa0 | data | Swedish | Sweden | 1.06875
RT_DIALOG | 0x1a92e8 | 0x22c | data | Swedish | Sweden | 1.0197841726618706
RT_DIALOG | 0x1a9950 | 0xe0 | data | Swedish | Sweden | 1.0491071428571428
RT_DIALOG | 0x1a3160 | 0x3d8 | data | Swedish | Sweden | 1.011178861788618
RT_DIALOG | 0x1a9910 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a9a30 | 0xb8 | data | Swedish | Sweden | 1.059782608695652
RT_DIALOG | 0x1a2370 | 0xcc | data | Swedish | Sweden | 1.053921568627451
RT_DIALOG | 0x1a9ae8 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a2330 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a9b88 | 0x160 | data | Swedish | Sweden | 1.03125
RT_DIALOG | 0x1a22b0 | 0x80 | data | Swedish | Sweden | 1.0859375
RT_DIALOG | 0x1a9070 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a95f8 | 0x60 | PGP Secret Sub-key - | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a8010 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a48a8 | 0x154 | data | Swedish | Sweden | 1.0323529411764707
RT_DIALOG | 0x1a5260 | 0x120 | data | Swedish | Sweden | 1.0381944444444444
RT_DIALOG | 0x1a5380 | 0x158 | data | Swedish | Sweden | 1.0319767441860466
RT_DIALOG | 0x1a90b0 | 0x60 | data | Swedish | Sweden | 1.1145833333333333
RT_DIALOG | 0x1a9b48 | 0x40 | data | Swedish | Sweden | 1.171875
RT_DIALOG | 0x1a9810 | 0x100 | data | Swedish | Sweden | 1.04296875
RT_DIALOG | 0x1a9ce8 | 0xcc | data | Swedish | Sweden | 1.053921568627451
RT_GROUP_ICON | 0x1ca8a8 | 0x30 | data | Swedish | Sweden | 0.9166666666666666
RT_GROUP_ICON | 0x1a0398 | 0x14 | data | Swedish | Sweden | 1.4
RT_GROUP_ICON | 0x1a0258 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x16b748 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x1a0c58 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x1a1518 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x1a1998 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x1a1e18 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x1a2298 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x19fcd8 | 0x14 | data | Swedish | Sweden | 1.45
RT_GROUP_ICON | 0x16dd08 | 0x14 | Non-ISO extended-ASCII text, with no line terminators | English | United States | 1.45
RT_GROUP_ICON | 0x1702c8 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x172888 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x174e48 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x177408 | 0x14 | data | English | United States | 1.4
RT_GROUP_ICON | 0x1799c8 | 0x14 | Non-ISO extended-ASCII text, with no line terminators | English | United States | 1.45
RT_GROUP_ICON | 0x17bf88 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x17e548 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x17f608 | 0x14 | OpenPGP Public Key | English | United States | 1.4
RT_GROUP_ICON | 0x183d88 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x187858 | 0x30 | data | English | United States | 1.2291666666666667
RT_GROUP_ICON | 0x18bff0 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x196db0 | 0x14 | data | English | United States | 1.4
RT_GROUP_ICON | 0x18c8b0 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x18d170 | 0x14 | Non-ISO extended-ASCII text, with no line terminators | English | United States | 1.45
RT_GROUP_ICON | 0x18da30 | 0x14 | data | English | United States | 1.4
RT_GROUP_ICON | 0x18e030 | 0x14 | data | English | United States | 1.45
RT_GROUP_ICON | 0x199370 | 0x14 | data | English | United States | 1.45
                                                                                                                                                                                                                                              RT_GROUP_ICON0x19b9300x14dataEnglishUnited States1.45
                                                                                                                                                                                                                                              RT_GROUP_ICON0x16ae880x14dataEnglishUnited States1.45
                                                                                                                                                                                                                                              RT_VERSION0x1ca8dc0x310dataSwedishSweden0.43494897959183676
                                                                                                                                                                                                                                              RT_MANIFEST0x1cabf00x4e6XML 1.0 document, ASCII textSwedishSweden0.44577352472089316
DLL | Import
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll | FreeSid
COMCTL32.dll |
comdlg32.dll | GetSaveFileNameW
GDI32.dll | Pie
MSIMG32.dll | GradientFill
MSVCRT.dll | atoi
ole32.dll | OleCreate
OLEAUT32.dll | SysAllocString
PSAPI.DLL | GetProcessMemoryInfo
SETUPAPI.dll | SetupDiGetClassDevsW
SHELL32.dll | DragFinish
USER32.dll | GetDC
WS2_32.dll | getservbyport
Language of compilation system | Country where language is spoken | Map
Swedish | Sweden |
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:34.971183062 CEST49738443192.168.2.440.127.169.103
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:35.206923008 CEST49738443192.168.2.440.127.169.103
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:35.206983089 CEST4434973840.127.169.103192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:35.207034111 CEST49738443192.168.2.440.127.169.103
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:35.207051992 CEST4434973840.127.169.103192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.080878019 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.081089973 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.185102940 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.185189962 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.185384035 CEST8049745208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.185565948 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.186577082 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.186856031 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.240528107 CEST4974680192.168.2.4173.254.195.58
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.290600061 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291187048 CEST8049745208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291598082 CEST8049745208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291619062 CEST8049745208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291810036 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291810989 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.291810989 CEST4974580192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.292334080 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352507114 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352538109 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352557898 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352592945 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352632046 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352740049 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.352768898 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.396368980 CEST8049745208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.396776915 CEST8049747208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.396965981 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.397007942 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.456878901 CEST8049744208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.458343029 CEST4974480192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.501544952 CEST8049747208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.502774000 CEST8049747208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.502805948 CEST8049747208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.502971888 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.502971888 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.502971888 CEST4974780192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:37.607633114 CEST8049747208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:38.255208015 CEST4974680192.168.2.4173.254.195.58
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.788019896 CEST4974880192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.790205002 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.892251968 CEST8049748208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.894443989 CEST8049749208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.894545078 CEST4974880192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:39.894550085 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.270862103 CEST4974680192.168.2.4173.254.195.58
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.377832890 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.377957106 CEST4974880192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.435827971 CEST4975080192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.482040882 CEST8049748208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.482100010 CEST8049749208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483237028 CEST8049748208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483308077 CEST8049748208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483347893 CEST8049749208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483382940 CEST8049749208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483386993 CEST4974880192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483422041 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.483540058 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.487694979 CEST4974880192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.491265059 CEST4975180192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.491286039 CEST4974980192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.543757915 CEST8049750208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.543843985 CEST4975080192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.543975115 CEST4975080192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.591875076 CEST8049748208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.595746040 CEST8049749208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.595870018 CEST8049751208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.596175909 CEST4975180192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.596364975 CEST4975180192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.599359035 CEST4975380192.168.2.4173.254.195.58
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.642502069 CEST4975480192.168.2.4173.254.195.58
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.648391008 CEST8049750208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.691304922 CEST8049750208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.691374063 CEST8049750208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.691709995 CEST4975080192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.691709995 CEST4975080192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.700692892 CEST8049751208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.701160908 CEST8049751208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.701224089 CEST8049751208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.701353073 CEST4975180192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.703557014 CEST4975180192.168.2.4208.111.131.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.796309948 CEST8049750208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:40.808007956 CEST8049751208.111.131.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:41.093867064 CEST4975580192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:41.211823940 CEST804975599.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:41.211906910 CEST4975580192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.927100897 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936434984 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936501980 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936518908 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936526060 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936552048 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.936566114 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944365025 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944444895 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944451094 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944492102 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944542885 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.944600105 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.953030109 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.953136921 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.953150988 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.953196049 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960798025 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960866928 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960871935 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960880995 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960905075 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.960913897 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968317986 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968388081 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968415022 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968422890 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968441963 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.968457937 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974622965 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974670887 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974699974 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974708080 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974735022 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.974747896 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.981868982 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.981941938 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.981949091 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.981992960 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.983155012 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.983210087 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.990848064 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.990952969 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.990983009 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.990988016 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.990998030 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.991060019 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.993562937 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.993633032 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.000332117 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.000401020 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.000405073 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.000422955 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.000449896 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007572889 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007635117 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007642984 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007649899 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007675886 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.007689953 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.010247946 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.010304928 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.013900995 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.013968945 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.016393900 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.016455889 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.017597914 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.017652035 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.023561954 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.023628950 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.023636103 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.023684978 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.029140949 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.029206038 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.029225111 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.029231071 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.029253006 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.032569885 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.032634974 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.032643080 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.032680988 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.035402060 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.035473108 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.037678003 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.037743092 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.041093111 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.041172981 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.043332100 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.043396950 CEST49756443192.168.2.499.86.228.107
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.046402931 CEST4434975699.86.228.107192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.046472073 CEST49756443192.168.2.499.86.228.107
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.138233900 CEST4853951413192.168.2.481.13.147.127
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.486562967 CEST514134853981.13.147.127192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.486789942 CEST4853937789192.168.2.4177.50.201.96
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.771022081 CEST4853957210192.168.2.439.170.9.113
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.771090031 CEST485396881192.168.2.494.190.5.69
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:42.771107912 CEST485396881192.168.2.4188.143.209.11
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.022562027 CEST68814853994.190.5.69192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.022991896 CEST4853930047192.168.2.45.138.125.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.084184885 CEST688148539188.143.209.11192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.134596109 CEST4853958255192.168.2.469.138.242.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.162127018 CEST4954553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.268318892 CEST582554853969.138.242.1192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.268552065 CEST4853914160192.168.2.427.224.235.174
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.284548998 CEST30047485395.138.125.33192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.284936905 CEST4853943198192.168.2.445.94.208.26
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.462219000 CEST53495451.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:43.786631107 CEST485396881192.168.2.465.108.78.54
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:44.000689983 CEST68814853965.108.78.54192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:44.771823883 CEST485392910192.168.2.4162.55.243.114
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:44.771867037 CEST4853932681192.168.2.445.142.112.53
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:44.771929979 CEST485396883192.168.2.449.12.86.202
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:45.786685944 CEST4853963044192.168.2.4152.53.34.217
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:46.005059004 CEST6304448539152.53.34.217192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:46.786746979 CEST485396881192.168.2.4195.170.172.78
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:46.787029982 CEST4853953923192.168.2.4179.255.242.57
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:46.787236929 CEST485396889192.168.2.4165.228.220.187
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:47.115503073 CEST688948539165.228.220.187192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:47.115814924 CEST4853914553192.168.2.431.10.174.45
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:47.434988022 CEST145534853931.10.174.45192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:47.435543060 CEST4853961027192.168.2.4213.91.250.100
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:47.786715984 CEST4853916427192.168.2.437.19.206.37
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:48.122700930 CEST30047485395.138.125.33192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:48.123125076 CEST4853930047192.168.2.45.138.125.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:48.872430086 CEST4853914466192.168.2.4177.105.244.238
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:48.872736931 CEST485392327192.168.2.4177.192.7.234
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:50.859148026 CEST485396882192.168.2.4173.69.27.254
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:50.859302044 CEST4853944652192.168.2.4181.46.166.112
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:50.859355927 CEST4853952838192.168.2.495.8.96.167
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:51.115187883 CEST4465248539181.46.166.112192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:51.120064020 CEST4853937580192.168.2.4181.232.179.171
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:51.120142937 CEST4853928111192.168.2.4184.145.224.229
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:51.241595984 CEST528384853995.8.96.167192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:51.241859913 CEST485394446192.168.2.441.90.189.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:52.755491018 CEST4853925285192.168.2.4211.103.112.139
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:52.755601883 CEST485391867192.168.2.4119.111.242.57
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:52.755601883 CEST4853931537192.168.2.4181.232.243.171
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:52.755726099 CEST4853917055192.168.2.4115.22.129.61
                                                                                                                                                                                                                                              Apr 23, 2024 05:40:53.088989973 CEST2528548539211.103.112.139192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.755959988 CEST485396881192.168.2.467.215.246.10
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.755983114 CEST4853915019192.168.2.489.22.52.102
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.756016970 CEST4853919201192.168.2.487.236.30.53
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.756328106 CEST485396889192.168.2.4165.228.220.187
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.909877062 CEST68814853967.215.246.10192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.910245895 CEST485396881192.168.2.4123.129.129.158
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.993639946 CEST150194853989.22.52.102192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:22.993892908 CEST485391636192.168.2.495.25.120.227
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.005551100 CEST192014853987.236.30.53192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.005755901 CEST4853955396192.168.2.480.240.209.148
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.075298071 CEST688948539165.228.220.187192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.075479031 CEST4853912127192.168.2.4126.22.109.75
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.260725021 CEST16364853995.25.120.227192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.261023045 CEST4853914212192.168.2.4153.195.218.248
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.391386032 CEST1212748539126.22.109.75192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.391593933 CEST485396881192.168.2.4187.213.203.118
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.544914007 CEST688148539187.213.203.118192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.545109987 CEST4853965269192.168.2.437.3.205.143
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.771672964 CEST4853915019192.168.2.489.22.52.102
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.771712065 CEST485396881192.168.2.494.190.5.69
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.771728039 CEST4853919201192.168.2.487.236.30.53
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.773663998 CEST485396881192.168.2.4188.143.209.11
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.795840979 CEST652694853937.3.205.143192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:23.972115993 CEST485392923192.168.2.490.151.95.121
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.008706093 CEST150194853989.22.52.102192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.010219097 CEST485398240192.168.2.495.189.77.24
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.021162987 CEST192014853987.236.30.53192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.021291018 CEST4853930149192.168.2.451.75.45.182
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.022624016 CEST68814853994.190.5.69192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.025950909 CEST4853921086192.168.2.431.220.173.230
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.057638884 CEST688148539188.143.209.11192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.061961889 CEST4853932812192.168.2.4220.87.49.145
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.242698908 CEST29234853990.151.95.121192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.248136044 CEST301494853951.75.45.182192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.302952051 CEST210864853931.220.173.230192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.336000919 CEST82404853995.189.77.24192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.343118906 CEST3281248539220.87.49.145192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.489115000 CEST485396881192.168.2.465.108.78.54
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.489332914 CEST485398114192.168.2.4213.87.102.59
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.489334106 CEST4853926389192.168.2.4124.220.16.156
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.489341974 CEST4853960124192.168.2.414.4.100.74
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:24.489363909 CEST4853913661192.168.2.4109.63.201.204
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.022325993 CEST4853962817192.168.2.4197.184.176.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.047782898 CEST688148539125.131.94.131192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.048219919 CEST4853940894192.168.2.4183.101.229.67
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.053468943 CEST3297648539112.161.174.214192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.053668022 CEST4853941175192.168.2.4115.86.172.219
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.132632971 CEST5858848539182.221.141.232192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.132860899 CEST485396880192.168.2.434.235.218.124
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.155312061 CEST688248539223.109.147.85192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.155628920 CEST485396882192.168.2.4112.85.139.111
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.203998089 CEST68814853954.70.28.180192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.249437094 CEST68804853934.235.218.124192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.249816895 CEST4853951413192.168.2.45.9.123.177
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.420947075 CEST4117548539115.86.172.219192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.421148062 CEST4089448539183.101.229.67192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.421257973 CEST485392079192.168.2.4130.255.58.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.421354055 CEST4853955606192.168.2.4221.151.61.134
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.458210945 CEST51413485395.9.123.177192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.458483934 CEST4853941198192.168.2.4220.116.237.180
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.691649914 CEST207948539130.255.58.209192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.691911936 CEST4853934914192.168.2.4190.205.205.188
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.705132008 CEST5560648539221.151.61.134192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.705322027 CEST4853915409192.168.2.4139.227.122.215
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.736593008 CEST4119848539220.116.237.180192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.736833096 CEST485396881192.168.2.45.8.222.178
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755528927 CEST4853940172192.168.2.4182.118.46.36
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755548000 CEST485396881192.168.2.465.108.78.54
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755604029 CEST4853938670192.168.2.4177.98.202.202
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755620003 CEST4853936897192.168.2.4188.165.210.225
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755660057 CEST4853948327192.168.2.4188.246.252.29
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.755738974 CEST485396880192.168.2.447.116.75.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.876208067 CEST3491448539190.205.205.188192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.876585960 CEST485396892192.168.2.413.114.205.93
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.969491959 CEST68814853965.108.78.54192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:32.992188931 CEST3689748539188.165.210.225192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.024787903 CEST1540948539139.227.122.215192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.025108099 CEST485396881192.168.2.475.119.138.164
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.069931030 CEST4017248539182.118.46.36192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.076076031 CEST6881485395.8.222.178192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.076381922 CEST4853964235192.168.2.424.50.234.178
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.227569103 CEST68924853913.114.205.93192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.771311998 CEST4853910675192.168.2.492.118.60.29
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.771423101 CEST485396882192.168.2.4176.97.70.169
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.771537066 CEST4853952067192.168.2.449.34.138.202
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.771560907 CEST4853952745192.168.2.424.50.234.169
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.771565914 CEST485396881192.168.2.418.218.241.3
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.952600956 CEST68814853918.218.241.3192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:33.987966061 CEST642354853924.50.234.178192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.028919935 CEST688248539176.97.70.169192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.051430941 CEST527454853924.50.234.169192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755605936 CEST485394781192.168.2.484.17.46.214
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755665064 CEST4853926462192.168.2.438.253.146.159
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755707026 CEST485391267192.168.2.4120.0.60.242
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755742073 CEST4853938001192.168.2.478.173.82.159
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755784035 CEST4853945325192.168.2.4152.58.211.13
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755806923 CEST4853935885192.168.2.481.206.196.205
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755870104 CEST485396881192.168.2.415.204.0.70
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755908012 CEST4853940194192.168.2.4182.118.46.36
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.755945921 CEST485394445192.168.2.4180.97.220.148
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.937412977 CEST68814853915.204.0.70192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.957531929 CEST264624853938.253.146.159192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:34.958046913 CEST4853919541192.168.2.4180.45.193.147
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.114351988 CEST4019448539182.118.46.36192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.148241997 CEST380014853978.173.82.159192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.148542881 CEST485398429192.168.2.4118.116.96.24
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755605936 CEST4853922191192.168.2.414.10.64.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755784988 CEST4853937487192.168.2.4196.187.212.29
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755844116 CEST4853946667192.168.2.4102.189.59.40
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755935907 CEST485396881192.168.2.418.218.241.3
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755933046 CEST4853929469192.168.2.41.180.24.52
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.755990982 CEST4853941175192.168.2.4115.86.172.219
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.756023884 CEST4853940894192.168.2.4183.101.229.67
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.756048918 CEST485396880192.168.2.434.235.218.124
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.756061077 CEST4853934914192.168.2.4190.205.205.188
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.872437954 CEST68804853934.235.218.124192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.872641087 CEST485396881192.168.2.451.210.178.49
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.893603086 CEST68814853918.218.241.3192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.937872887 CEST3491448539190.205.205.188192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:35.938122034 CEST4853928006192.168.2.437.48.94.73
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.080332994 CEST68814853951.210.178.49192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.080568075 CEST4853951314192.168.2.486.90.231.43
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.111829996 CEST3748748539196.187.212.29192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.111962080 CEST4853917460192.168.2.450.47.220.64
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.134563923 CEST4089448539183.101.229.67192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.134787083 CEST4853932249192.168.2.470.73.233.118
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.141222954 CEST280064853937.48.94.73192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.141515017 CEST4853951413192.168.2.42.34.90.28
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.147191048 CEST4117548539115.86.172.219192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.147414923 CEST4853959132192.168.2.4194.61.120.72
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.308415890 CEST4666748539102.189.59.40192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:36.308655024 CEST4853961710192.168.2.4146.70.175.70
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.967080116 CEST733548539168.90.7.194192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.967329979 CEST4853956328192.168.2.4116.82.13.86
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.975482941 CEST13854853988.151.32.222192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.987566948 CEST551844853981.246.154.208192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.987890005 CEST4853961065192.168.2.4176.118.158.139
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.988441944 CEST564294853986.8.88.167192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:43.988581896 CEST485396885192.168.2.4140.249.254.113
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.003964901 CEST630804853988.171.50.213192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.004270077 CEST4853951315192.168.2.4190.143.250.136
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.015973091 CEST2785848539176.63.16.58192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.020529032 CEST192014853987.236.30.53192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.020714045 CEST4853962645192.168.2.4178.66.80.243
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.039792061 CEST5237448539187.220.42.252192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.040028095 CEST4853919087192.168.2.4138.117.194.160
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.220527887 CEST6106548539176.118.158.139192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.220760107 CEST4853918034192.168.2.4172.56.189.242
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.237972021 CEST5632848539116.82.13.86192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.238157988 CEST485396889192.168.2.458.70.79.100
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.273833990 CEST6264548539178.66.80.243192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.274293900 CEST4853949001192.168.2.45.137.16.35
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.313352108 CEST688548539140.249.254.113192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.313631058 CEST4853938077192.168.2.437.98.140.104
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.531018972 CEST380774853937.98.140.104192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.531317949 CEST4853963112192.168.2.4104.218.179.120
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.711823940 CEST6311248539104.218.179.120192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.712080002 CEST485395291192.168.2.4178.215.72.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.771395922 CEST4853951413192.168.2.4223.146.196.186
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.771524906 CEST4853952030192.168.2.4190.105.214.237
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.771615982 CEST4853923880192.168.2.4190.53.249.253
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.771652937 CEST4853928621192.168.2.473.22.92.243
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.771733046 CEST485396881192.168.2.4220.87.123.13
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:44.963429928 CEST529148539178.215.72.33192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771305084 CEST4853912500192.168.2.450.46.15.159
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771354914 CEST4853920996192.168.2.488.201.206.13
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771368980 CEST4853922530192.168.2.4221.11.96.68
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771383047 CEST485396881192.168.2.458.214.187.222
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771459103 CEST4853947907192.168.2.4216.83.132.119
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771459103 CEST4853952604192.168.2.4164.163.4.119
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771496058 CEST4853918234192.168.2.4134.255.122.136
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771522045 CEST485395281192.168.2.4166.175.188.96
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771555901 CEST4853935746192.168.2.45.53.238.244
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.771604061 CEST4853915277192.168.2.4120.84.11.72
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.945903063 CEST125004853950.46.15.159192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:45.946501970 CEST4853954782192.168.2.4152.59.192.135
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.007546902 CEST1823448539134.255.122.136192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.013931036 CEST209964853988.201.206.13192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.014645100 CEST485391028192.168.2.4103.255.145.70
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.014698029 CEST4853962514192.168.2.4106.221.198.80
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.100815058 CEST68814853958.214.187.222192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.101155043 CEST4853937075192.168.2.484.27.192.135
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.755731106 CEST4853965200192.168.2.446.191.188.96
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.755759001 CEST485394446192.168.2.436.102.218.148
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.755801916 CEST4853914560192.168.2.497.120.118.206
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.947422028 CEST145604853997.120.118.206192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:46.947678089 CEST485396881192.168.2.470.29.77.188
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771331072 CEST485396992192.168.2.454.77.218.23
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771399021 CEST4853911706192.168.2.4186.206.255.46
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771471024 CEST4853944965192.168.2.478.165.134.171
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771488905 CEST485393041192.168.2.490.188.245.175
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771559000 CEST4853914462192.168.2.4218.89.187.224
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771570921 CEST485391024192.168.2.4186.132.53.84
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771604061 CEST4853935407192.168.2.4156.146.51.131
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771665096 CEST485396881192.168.2.4200.115.244.198
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771684885 CEST4853919201192.168.2.487.236.30.53
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771708965 CEST4853962645192.168.2.4178.66.80.243
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771722078 CEST485396885192.168.2.4140.249.254.113
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.771735907 CEST4853961065192.168.2.4176.118.158.139
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:47.976757050 CEST69924853954.77.218.23192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.009368896 CEST6106548539176.118.158.139192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.009567022 CEST485397967192.168.2.4119.203.248.16
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.020356894 CEST192014853987.236.30.53192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.020653009 CEST485396881192.168.2.473.104.36.246
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.025904894 CEST6264548539178.66.80.243192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.026380062 CEST485396881192.168.2.45.29.209.61
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.081392050 CEST30414853990.188.245.175192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.082314968 CEST449654853978.165.134.171192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.082382917 CEST485397769192.168.2.494.158.59.37
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.082456112 CEST4853917451192.168.2.4190.238.59.37
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.095598936 CEST688548539140.249.254.113192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.097934008 CEST4853928001192.168.2.4212.7.201.32
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.149353981 CEST68814853973.104.36.246192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.149543047 CEST4853957210192.168.2.4218.62.100.135
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.287431955 CEST6881485395.29.209.61192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.287863016 CEST4853912914192.168.2.4181.41.227.179
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.291570902 CEST796748539119.203.248.16192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.291719913 CEST4853960977192.168.2.447.15.37.100
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.300964117 CEST2800148539212.7.201.32192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.303859949 CEST4853957210192.168.2.4175.163.66.39
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.605201960 CEST1291448539181.41.227.179192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:48.605398893 CEST4853932681192.168.2.445.142.112.53
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:57.964533091 CEST410094853981.242.222.61192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:57.964818954 CEST4853948020192.168.2.439.149.90.27
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:57.983712912 CEST2069848539189.34.199.201192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:57.983939886 CEST4853927059192.168.2.45.184.125.2
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:57.989907026 CEST353284853937.187.75.111192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:58.019305944 CEST821248539213.24.125.2192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:58.019500971 CEST485396926192.168.2.4117.217.58.71
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:58.080332994 CEST319904853937.243.192.140192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:58.341959953 CEST485396881192.168.2.418.218.241.3
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:58.471424103 CEST68814853918.218.241.3192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755723953 CEST4853963424192.168.2.4193.233.122.71
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755808115 CEST485396881192.168.2.495.86.197.251
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755815029 CEST4853937000192.168.2.4157.48.131.44
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755873919 CEST485393642192.168.2.427.154.26.125
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755892992 CEST4853957725192.168.2.4185.215.167.200
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755922079 CEST4853931083192.168.2.491.151.136.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.755975962 CEST485395063192.168.2.4181.225.142.6
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.756002903 CEST4853918355192.168.2.4211.62.251.213
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.756035089 CEST485396881192.168.2.494.190.5.69
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.756052971 CEST485396881192.168.2.4188.143.209.11
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.756113052 CEST4853951413192.168.2.481.13.147.127
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.756124973 CEST4853914553192.168.2.431.10.174.45
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.980384111 CEST514134853981.13.147.127192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:41:59.980637074 CEST4853913651192.168.2.4189.63.227.214
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.006305933 CEST68814853995.86.197.251192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.006463051 CEST4853911159192.168.2.4185.148.3.203
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.006647110 CEST68814853994.190.5.69192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.007076025 CEST4853956490192.168.2.445.177.2.76
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.139066935 CEST145534853931.10.174.45192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.139334917 CEST485399514192.168.2.4187.22.131.222
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.228878975 CEST1365148539189.63.227.214192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.229116917 CEST485398205192.168.2.4223.182.3.222
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.242914915 CEST1115948539185.148.3.203192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.261153936 CEST688148539188.143.209.11192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.261370897 CEST4853951996192.168.2.4152.167.182.183
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.453131914 CEST951448539187.22.131.222192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.453466892 CEST4853950735192.168.2.4152.167.182.183
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.468619108 CEST3700048539157.48.131.44192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.468838930 CEST485396881192.168.2.4202.61.240.22
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.623516083 CEST820548539223.182.3.222192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.623732090 CEST485396992192.168.2.454.194.135.233
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:00.703350067 CEST688148539202.61.240.22192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755742073 CEST4853962394192.168.2.4123.23.200.209
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755785942 CEST485396339192.168.2.4178.170.48.154
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755781889 CEST4853910240192.168.2.431.220.87.153
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755841017 CEST4853925292192.168.2.4189.182.28.152
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755873919 CEST4853959621192.168.2.4131.161.29.10
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755947113 CEST485396881192.168.2.4101.91.114.48
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755942106 CEST485391912192.168.2.495.214.52.159
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.755980015 CEST485396883192.168.2.449.12.86.202
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.756031990 CEST485391912192.168.2.495.214.52.159
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.756045103 CEST485396881192.168.2.418.188.31.0
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:01.756071091 CEST485391608192.168.2.451.36.141.84
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.006479979 CEST19124853995.214.52.159192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.006568909 CEST19124853995.214.52.159192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.034229994 CEST68814853918.188.31.0192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.057476997 CEST688148539101.91.114.48192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.879463911 CEST5962148539131.161.29.10192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.879843950 CEST4853951102192.168.2.45.107.180.205
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:02.879908085 CEST4853943357192.168.2.4171.76.245.95
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771388054 CEST4853947086192.168.2.4185.82.199.201
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771631956 CEST485396881192.168.2.4197.33.132.105
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771730900 CEST4853925273192.168.2.4103.85.36.148
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771756887 CEST4853943069192.168.2.467.188.191.48
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771800041 CEST4853956743192.168.2.4217.27.120.135
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771841049 CEST4853949527192.168.2.449.34.139.131
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771872044 CEST4853922302192.168.2.4223.194.196.109
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771934032 CEST4853956107192.168.2.4211.141.120.117
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771980047 CEST4853944299192.168.2.4188.73.239.131
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.771989107 CEST4853925285192.168.2.4211.103.112.139
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.772046089 CEST4853952838192.168.2.495.8.96.167
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.772049904 CEST4853958255192.168.2.469.138.242.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.772074938 CEST4853930047192.168.2.45.138.125.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.903985023 CEST582554853969.138.242.1192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:03.904431105 CEST4853937789192.168.2.4177.50.201.96
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.033073902 CEST30047485395.138.125.33192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.033227921 CEST4853917055192.168.2.4115.22.129.61
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.164659977 CEST528384853995.8.96.167192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.164956093 CEST485391867192.168.2.4119.111.242.57
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.203452110 CEST688148539197.33.132.105192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.203654051 CEST485396881192.168.2.435.155.156.153
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.410928965 CEST68814853935.155.156.153192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:04.771420002 CEST4853933957192.168.2.4131.161.29.10
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.003659964 CEST3395748539131.161.29.10192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.006053925 CEST485397735192.168.2.462.45.105.29
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.006223917 CEST4853943997192.168.2.45.107.180.205
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.771435976 CEST485396339192.168.2.4178.170.48.154
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.771511078 CEST4853917119192.168.2.4113.74.127.194
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.771550894 CEST4853911739192.168.2.424.50.234.162
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:05.771559954 CEST485391189192.168.2.4109.202.63.194
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.075923920 CEST4853951413192.168.2.437.151.197.233
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.076003075 CEST4853956610192.168.2.4177.215.85.116
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.089895010 CEST9342485391.36.251.18192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.101550102 CEST458584853949.204.198.64192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.101855040 CEST4853924756192.168.2.4223.233.73.88
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.101903915 CEST4853951413192.168.2.4119.112.241.33
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.312938929 CEST5661048539177.215.85.116192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.313374043 CEST485396454192.168.2.4185.192.71.234
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.313498974 CEST485392631192.168.2.4193.168.179.171
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.384906054 CEST514134853937.151.197.233192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:14.756597042 CEST485396881192.168.2.4195.170.172.78
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100686073 CEST485396881192.168.2.418.221.7.72
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100739956 CEST485396881192.168.2.454.214.62.31
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100778103 CEST4853917731192.168.2.436.102.218.196
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100887060 CEST4853950881192.168.2.4157.45.193.5
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100934029 CEST4853958048192.168.2.4146.158.2.27
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100970030 CEST4853957047192.168.2.4185.21.216.144
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100975990 CEST485396024192.168.2.45.228.114.1
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.100986958 CEST485398999192.168.2.495.156.116.210
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.101058960 CEST4853961275192.168.2.45.129.13.104
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.309237003 CEST5704748539185.21.216.144192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.317583084 CEST68814853954.214.62.31192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.356750011 CEST485396880192.168.2.418.116.128.220
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.364115000 CEST61275485395.129.13.104192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.364460945 CEST4853951413192.168.2.4122.195.111.6
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.387720108 CEST89994853995.156.116.210192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.388051987 CEST4853920617192.168.2.4104.34.45.24
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.403841972 CEST5804848539146.158.2.27192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.404051065 CEST4853913117192.168.2.4217.165.153.147
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.484426022 CEST68804853918.116.128.220192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.490094900 CEST4853944835192.168.2.4177.245.152.110
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.553394079 CEST2061748539104.34.45.24192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.603281021 CEST485396881192.168.2.485.148.69.193
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.691224098 CEST5141348539122.195.111.6192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.739470005 CEST1311748539217.165.153.147192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.822442055 CEST68814853985.148.69.193192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:16.845642090 CEST4483548539177.245.152.110192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.041891098 CEST485399010192.168.2.4184.56.71.32
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.042141914 CEST485396881192.168.2.4179.152.249.221
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.042208910 CEST4853926275192.168.2.4103.212.214.205
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.042560101 CEST4853959169192.168.2.447.29.165.201
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.072846889 CEST4853936206192.168.2.445.232.190.108
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.181041002 CEST901048539184.56.71.32192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.181294918 CEST4853924737192.168.2.4178.184.48.142
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.243108034 CEST688148539179.152.249.221192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.243343115 CEST4853921113192.168.2.487.103.13.66
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.733328104 CEST68814853918.221.7.72192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.755713940 CEST4853964326192.168.2.439.130.102.199
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.755880117 CEST485396891192.168.2.451.75.78.69
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.755961895 CEST4853949235192.168.2.437.153.57.41
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.756037951 CEST485396881192.168.2.447.34.244.214
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.756108999 CEST4853920863192.168.2.4169.224.105.80
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.920464039 CEST68814853947.34.244.214192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.963372946 CEST68914853951.75.78.69192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.237112045 CEST2086348539169.224.105.80192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.238044024 CEST4853952864192.168.2.45.53.117.68
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.755815983 CEST485396881192.168.2.427.72.88.231
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.755865097 CEST4853951413192.168.2.4177.139.54.232
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.755935907 CEST4853918879192.168.2.4145.224.74.45
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.755961895 CEST4853952720192.168.2.4189.106.228.91
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.756016016 CEST4853929828192.168.2.4121.27.251.162
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:19.106508017 CEST5272048539189.106.228.91192.168.2.4
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:19.106897116 CEST4853948108192.168.2.449.43.163.30
Timestamp    Source IP    Dest IP    Checksum    Code    Type
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:12.497040987 CEST39.170.9.113192.168.2.4f144(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:17.267725945 CEST45.232.190.108192.168.2.4ac7e(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.122677088 CEST39.130.102.199192.168.2.4518d(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:18.146800041 CEST5.228.114.1192.168.2.4413a(Host unreachable)Destination Unreachable
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:19.034327984 CEST145.224.74.45192.168.2.4b3b2(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                              Apr 23, 2024 05:42:19.490706921 CEST49.43.163.30192.168.2.49473(Port unreachable)Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 23, 2024 05:40:16.077192068 CEST | 192.168.2.4 | 1.1.1.1 | 0x42a4 | Standard query (0) | update.utorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:16.077301025 CEST | 192.168.2.4 | 1.1.1.1 | 0x5bb3 | Standard query (0) | update.bittorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:33.125353098 CEST | 192.168.2.4 | 1.1.1.1 | 0xc319 | Standard query (0) | apps.bittorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.378340006 CEST | 192.168.2.4 | 1.1.1.1 | 0x96a5 | Standard query (0) | update.bittorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.549325943 CEST | 192.168.2.4 | 1.1.1.1 | 0x95a9 | Standard query (0) | router.bittorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.663568020 CEST | 192.168.2.4 | 1.1.1.1 | 0xdf70 | Standard query (0) | router.utorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.771544933 CEST | 192.168.2.4 | 1.1.1.1 | 0x9cad | Standard query (0) | www.bittorrent.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:43.162127018 CEST | 192.168.2.4 | 1.1.1.1 | 0xb331 | Standard query (0) | www.mininova.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 23, 2024 05:40:16.183214903 CEST | 1.1.1.1 | 192.168.2.4 | 0x42a4 | No error (0) | update.utorrent.com |  | 67.215.246.203 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:16.183275938 CEST | 1.1.1.1 | 192.168.2.4 | 0x5bb3 | No error (0) | update.bittorrent.com |  | 173.254.195.58 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:33.292618990 CEST | 1.1.1.1 | 192.168.2.4 | 0xc319 | No error (0) | apps.bittorrent.com | bittorrent-1.hs.llnwd.net |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 05:40:33.292618990 CEST | 1.1.1.1 | 192.168.2.4 | 0xc319 | No error (0) | bittorrent-1.hs.llnwd.net |  | 208.111.131.209 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:33.292618990 CEST | 1.1.1.1 | 192.168.2.4 | 0xc319 | No error (0) | bittorrent-1.hs.llnwd.net |  | 69.164.42.1 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.547491074 CEST | 1.1.1.1 | 192.168.2.4 | 0x96a5 | No error (0) | update.bittorrent.com |  | 173.254.195.58 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.655405998 CEST | 1.1.1.1 | 192.168.2.4 | 0x95a9 | No error (0) | router.bittorrent.com |  | 67.215.246.10 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.769438028 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf70 | No error (0) | router.utorrent.com |  | 82.221.103.244 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:40.928901911 CEST | 1.1.1.1 | 192.168.2.4 | 0x9cad | No error (0) | www.bittorrent.com | d3uao53cqpzd42.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 05:40:40.928901911 CEST | 1.1.1.1 | 192.168.2.4 | 0x9cad | No error (0) | d3uao53cqpzd42.cloudfront.net |  | 99.86.228.107 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 05:40:43.462219000 CEST | 1.1.1.1 | 192.168.2.4 | 0xb331 | No error (0) | www.mininova.org | mininova.org |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 05:40:43.462219000 CEST | 1.1.1.1 | 192.168.2.4 | 0xb331 | No error (0) | mininova.org |  | 188.166.49.116 | A (IP address) | IN (0x0001) | false
• slscr.update.microsoft.com
• www.bittorrent.com
• update.utorrent.com
• apps.bittorrent.com
• www.mininova.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 67.215.246.203 | 80 | 6508 | C:\Users\user\Desktop\BitTorrent-7.6.exe

Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:16.343780994 CEST | 239 | OUT | GET /installoffer.php?h=LGrCdlzYZ6xdNXqD&v=247556090&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=BitTorrent&svp=4 HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:16.501842022 CEST | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Tue, 23 Apr 2024 03:40:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Expires: Thu, 21 Jul 1980 00:00:00 GMT
Cache-Control: private
Last-Modified: Tue, 23 Apr 2024 03:40:16 GMT
Data Ascii: 5cd16:secondary_offersl2:oce2:oci1e3:adki1e13:toolbar_counti0e4:ctid0:2:tsi1713843616e1:c2:roe0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 208.111.131.209 | 80 | 6508 | C:\Users\user\Desktop\BitTorrent-7.6.exe

Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:33.397933006 CEST | 161 | OUT | GET /utorrent-onboarding/player.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:33.503288984 CEST | 623 | IN | HTTP/1.1 403 Forbidden
x-amz-request-id: M5CBEPFGKQMANW2P
x-amz-id-2: d/dKlVztzrj0LHGN9mpZuBfEPTeb7+A8hTbRg61U8QuPT3f9Z+3XFLgcQDTusK1RcHfEIwzajas=
Content-Type: application/xml
Server: AmazonS3
Age: 1320
Date: Tue, 23 Apr 2024 03:40:33 GMT
Expires: Tue, 23 Apr 2024 03:48:41 GMT
X-LLID: 703f882f0c7ea4a38c753c944e06dc31
Connection: close
Cache-Control: max-age=86400
Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>M5CBEPFGKQMANW2P</RequestId><HostId>d/dKlVztzrj0LHGN9mpZuBfEPTeb7+A8hTbRg61U8QuPT3f9Z+3XFLgcQDTusK1RcHfEIwzajas=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 208.111.131.209 | 80 | 6508 | C:\Users\user\Desktop\BitTorrent-7.6.exe

Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:33.398303986 CEST | 162 | OUT | GET /utorrent-onboarding/welcome.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:33.503390074 CEST | 622 | IN | HTTP/1.1 403 Forbidden
x-amz-request-id: QWGCP9B9QC08ZZCM
x-amz-id-2: 09o/CZN6D1uMIux8bnZQOeVz62oUcc0g1UPLk6oAufWjpD+ozP1JvYb2R06tY5uj/JvO4oePKU4=
Content-Type: application/xml
Server: AmazonS3
Age: 160
Date: Tue, 23 Apr 2024 03:40:33 GMT
Expires: Tue, 23 Apr 2024 04:07:53 GMT
X-LLID: 6a0a4ad5c3908ce90accb635c9be1613
Connection: close
Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QWGCP9B9QC08ZZCM</RequestId><HostId>09o/CZN6D1uMIux8bnZQOeVz62oUcc0g1UPLk6oAufWjpD+ozP1JvYb2R06tY5uj/JvO4oePKU4=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49737 | 208.111.131.209 | 80 | 6508 | C:\Users\user\Desktop\BitTorrent-7.6.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:33.608187914 CEST | 162 | OUT | GET /utorrent-onboarding/plus-bt.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:33.869086981 CEST | 572 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: JV4VTGGNP1AWRT6Q
                                                                                                                                                                                                                                              x-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:33 GMT
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              X-LLID: a8e1107f6718f4ed57bf3e574b5feeb9
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 208.111.131.209 | 80 | 2840 | C:\Users\user\Desktop\BitTorrent-7.6.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:37.186577082 CEST | 162 | OUT | GET /utorrent-onboarding/welcome.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:37.352507114 CEST | 329 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: J73RKCJTFX5SX38B
                                                                                                                                                                                                                                              x-amz-id-2: uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:37 GMT
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              X-LLID: e190056c81323a639f1f58413934a39c
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
Apr 23, 2024 05:40:37.352538109 CEST | 243 | IN |
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>J73RKCJTFX5SX38B</RequestId><HostId>uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 208.111.131.209 | 80 | 2840 | C:\Users\user\Desktop\BitTorrent-7.6.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:37.186856031 CEST | 162 | OUT | GET /utorrent-onboarding/plus-bt.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:37.291598082 CEST | 620 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: JV4VTGGNP1AWRT6Q
                                                                                                                                                                                                                                              x-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 3
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:36 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 03:40:43 GMT
                                                                                                                                                                                                                                              X-LLID: 42b416aa817de2a175e0080b609cb29c
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49747 | 208.111.131.209 | 80 | 2840 | C:\Users\user\Desktop\BitTorrent-7.6.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:37.397007942 CEST | 161 | OUT | GET /utorrent-onboarding/player.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:37.502774000 CEST | 622 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: 94N7JA3XT9MBXJ32
                                                                                                                                                                                                                                              x-amz-id-2: A6QEkCyfaq5s7ZNsu+Bd/SBpWs1E8FLdTbDWQxMOhbk+etNZFYe3GBsS+JNaDnXFzAZvKxxzdsE=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 193
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:37 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 04:07:24 GMT
                                                                                                                                                                                                                                              X-LLID: 6679222d66c8bf16ddb99924f9b72574
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>94N7JA3XT9MBXJ32</RequestId><HostId>A6QEkCyfaq5s7ZNsu+Bd/SBpWs1E8FLdTbDWQxMOhbk+etNZFYe3GBsS+JNaDnXFzAZvKxxzdsE=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49749 | 208.111.131.209 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:40.377832890 CEST | 162 | OUT | GET /utorrent-onboarding/welcome.btapp HTTP/1.1
Accept-Encoding: gzip
User-Agent: BitTorrent/7600(26618)
Host: apps.bittorrent.com
Cache-Control: no-cache
Apr 23, 2024 05:40:40.483347893 CEST | 620 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: J73RKCJTFX5SX38B
                                                                                                                                                                                                                                              x-amz-id-2: uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 4
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:40 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 03:40:46 GMT
                                                                                                                                                                                                                                              X-LLID: b4a3d82bacb6a67832472f68b3cb4368
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>J73RKCJTFX5SX38B</RequestId><HostId>uv9Xqml+s7n4cHhlBiRnv8ZWVNPtaB2uSQMBu+0K3gaGp08SYQXmTbE1qLMMqgrOUd7e9KRw5i0=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49748 | 208.111.131.209 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:40.377957106 CEST | 162 | OUT | GET /utorrent-onboarding/plus-bt.btapp HTTP/1.1
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              User-Agent: BitTorrent/7600(26618)
                                                                                                                                                                                                                                              Host: apps.bittorrent.com
                                                                                                                                                                                                                                              Cache-Control: no-cache
Apr 23, 2024 05:40:40.483237028 CEST | 620 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: JV4VTGGNP1AWRT6Q
                                                                                                                                                                                                                                              x-amz-id-2: CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 7
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:40 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 03:40:43 GMT
                                                                                                                                                                                                                                              X-LLID: be203663eae3bef66f4294b6425f033e
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>JV4VTGGNP1AWRT6Q</RequestId><HostId>CEAf4RR4MbCCJeuoelNAMdrTi8nPA+V8nz+9uwT/g4XtDGK7LjFabErPNEk3L32uIR6lxrevF3g=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49750 | 208.111.131.209 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:40.543975115 CEST | 225 | OUT | GET /discoverContent/discoverContent.btapp?h=LGrCdiDYZ6xdNXqD&v=247556090&ol=en&ul=&tk=main&c=BitTorrent HTTP/1.1
                                                                                                                                                                                                                                              Host: apps.bittorrent.com
                                                                                                                                                                                                                                              User-Agent: BTWebClient/7600(26618)
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              Connection: Close
                                                                                                                                                                                                                                              Data Raw: 0d 0a
                                                                                                                                                                                                                                              Data Ascii:
Apr 23, 2024 05:40:40.691304922 CEST | 329 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: 3FAVA71VTBZXYMHZ
                                                                                                                                                                                                                                              x-amz-id-2: Qbp/irFcJm6v6TeGd7boMr07yK/OucAFf58XqfGV5oHIPf+Q6IoHBf4EGoyJ9QNTEBjKvZAGVL4=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:40 GMT
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              X-LLID: 47e46e2e0d924efd94a87d8f97dd6319
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
Apr 23, 2024 05:40:40.691374063 CEST | 243 | IN
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3FAVA71VTBZXYMHZ</RequestId><HostId>Qbp/irFcJm6v6TeGd7boMr07yK/OucAFf58XqfGV5oHIPf+Q6IoHBf4EGoyJ9QNTEBjKvZAGVL4=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 208.111.131.209 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:40.596364975 CEST | 161 | OUT | GET /utorrent-onboarding/player.btapp HTTP/1.1
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              User-Agent: BitTorrent/7600(26618)
                                                                                                                                                                                                                                              Host: apps.bittorrent.com
                                                                                                                                                                                                                                              Cache-Control: no-cache
Apr 23, 2024 05:40:40.701160908 CEST | 622 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: 66J93298EMGXPRRE
                                                                                                                                                                                                                                              x-amz-id-2: g5P0GhGE37xskk+tHm9irj7E0xo7Opzey/4AOhUBJIfp9IdbgnB51TXkHTWmJA90R9uSRJi8bJk=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 213
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:40 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 04:07:07 GMT
                                                                                                                                                                                                                                              X-LLID: c1a6bf54657aa29a1ae3285cc68554c9
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66J93298EMGXPRRE</RequestId><HostId>g5P0GhGE37xskk+tHm9irj7E0xo7Opzey/4AOhUBJIfp9IdbgnB51TXkHTWmJA90R9uSRJi8bJk=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49755 | 99.86.228.107 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:41.332110882 CEST | 168 | OUT | GET /sites/default/files/bittorrent2_favicon.ico HTTP/1.1
                                                                                                                                                                                                                                              Host: www.bittorrent.com
                                                                                                                                                                                                                                              User-Agent: BTWebClient/7600(26618)
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              Connection: Close
                                                                                                                                                                                                                                              Data Raw: 0d 0a
                                                                                                                                                                                                                                              Data Ascii:
Apr 23, 2024 05:40:41.450232983 CEST | 606 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                              Server: CloudFront
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:41 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 167
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Location: https://www.bittorrent.com/sites/default/files/bittorrent2_favicon.ico
                                                                                                                                                                                                                                              X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                              Via: 1.1 e1cdefd358f463eaddffcac2b749d60e.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD79-C3
                                                                                                                                                                                                                                              X-Amz-Cf-Id: zYkfZv0UN436Li86mcDvuDcbYql_YE6jhp2MVwSufJ_J_uSOfCVi6g==
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49757 | 208.111.131.209 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:42.243094921 CEST | 225 | OUT | GET /discoverContent/discoverContent.btapp?h=LGrCdiDYZ6xdNXqD&v=247556090&ol=en&ul=&tk=main&c=BitTorrent HTTP/1.1
                                                                                                                                                                                                                                              Host: apps.bittorrent.com
                                                                                                                                                                                                                                              User-Agent: BTWebClient/7600(26618)
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              Connection: Close
                                                                                                                                                                                                                                              Data Raw: 0d 0a
                                                                                                                                                                                                                                              Data Ascii:
Apr 23, 2024 05:40:42.348236084 CEST | 622 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                              x-amz-request-id: QWG5E2RHV7GFADFX
                                                                                                                                                                                                                                              x-amz-id-2: gSxrFyPgfgKbcd+7eRVdfSAo/fLZ/Xpi7kh0C6lYTpr73cmRERjp+x9AEHMyDr+2l2Z62R1GAr8=
                                                                                                                                                                                                                                              Content-Type: application/xml
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              Age: 169
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:42 GMT
                                                                                                                                                                                                                                              Expires: Tue, 23 Apr 2024 04:07:53 GMT
                                                                                                                                                                                                                                              X-LLID: 39fc0e618797b4ddd121abd5fe394e41
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QWG5E2RHV7GFADFX</RequestId><HostId>gSxrFyPgfgKbcd+7eRVdfSAo/fLZ/Xpi7kh0C6lYTpr73cmRERjp+x9AEHMyDr+2l2Z62R1GAr8=</HostId></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49758 | 188.166.49.116 | 80 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 05:40:43.726382971 CEST | 134 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                              Host: www.mininova.org
                                                                                                                                                                                                                                              User-Agent: BTWebClient/7600(26618)
                                                                                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                                                                                              Connection: Close
                                                                                                                                                                                                                                              Data Raw: 0d 0a
                                                                                                                                                                                                                                              Data Ascii:
Apr 23, 2024 05:40:43.931377888 CEST | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx/1.15.5 (Ubuntu)
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:43 GMT
                                                                                                                                                                                                                                              Content-Type: image/x-icon
                                                                                                                                                                                                                                              Content-Length: 318
                                                                                                                                                                                                                                              Last-Modified: Mon, 05 Nov 2018 15:51:53 GMT
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              ETag: "5be06719-13e"
                                                                                                                                                                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49738 | 40.127.169.103 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-23 03:40:34 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BkF6WMT3gCc+p+d&MD=uobSk+lL HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                              Host: slscr.update.microsoft.com
2024-04-23 03:40:34 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                              Expires: -1
                                                                                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                                                                              MS-CorrelationId: fb076235-523f-4326-a89f-fd6ce80c4443
                                                                                                                                                                                                                                              MS-RequestId: c57ca460-207f-4c8f-bd8d-304b941fe2fb
                                                                                                                                                                                                                                              MS-CV: Buat3gltBkqfeUgl.0
                                                                                                                                                                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:40:33 GMT
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Length: 24490
2024-04-23 03:40:34 UTC | 15824 | IN | Data Raw: [binary response body omitted]
2024-04-23 03:40:34 UTC | 8666 | IN | Data Raw: [binary response body omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49756 | 99.86.228.107 | 443 | 352 | C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-23 03:40:42 UTC | 145 | OUT | GET /sites/default/files/bittorrent2_favicon.ico HTTP/1.1
                                                                                                                                                                                                                                              Host: www.bittorrent.com
                                                                                                                                                                                                                                              User-Agent: BTWebClient/7600(26618)
                                                                                                                                                                                                                                              Accept-Encoding: gzip
2024-04-23 03:40:42 UTC | 19 | OUT | Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 43 6c 6f 73 65 0d 0a
Data Ascii: Connection: Close
2024-04-23 03:40:42 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-23 03:40:42 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-04-23 03:40:42 UTC | 719 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 474298
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Date: Fri, 15 Mar 2024 20:10:22 GMT
                                                                                                                                                                                                                                              Cache-Control: public, max-age=0, must-revalidate
                                                                                                                                                                                                                                              Last-Modified: Fri, 15 Mar 2024 19:54:46 GMT
                                                                                                                                                                                                                                              ETag: "0a6792af469cbad22ffc3d9a2bed7494"
                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                              CloudFront-Viewer-Country: US
                                                                                                                                                                                                                                              Set-Cookie: cloudfront-view-country=US;Path=/
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              Content-Security-Policy: frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com;
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              X-Cache: Error from cloudfront
                                                                                                                                                                                                                                              Via: 1.1 8b91488fa62e73ed6328bc389e6d1cbe.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD79-C3
                                                                                                                                                                                                                                              X-Amz-Cf-Id: aDG-nygxNba3QhuSfWD3xXsV-2H04LMYM0l9QPzK-55mdSh81RzDlA==
                                                                                                                                                                                                                                              Age: 3310221
2024-04-23 03:40:42 UTC | 16384 | IN | Data Raw: [HTML/CSS response body omitted]
2024-04-23 03:40:42 UTC | 16384 | IN | Data Raw: [HTML/CSS response body omitted]
2024-04-23 03:40:42 UTC | 16384 | IN | Data Raw: [HTML/CSS response body omitted]
2024-04-23 03:40:42 UTC | 15121 | IN | Data Raw: [HTML/CSS response body omitted]
                                                                                                                                                                                                                                              2024-04-23 03:40:42 UTC12792INData Raw: 32 33 2c 32 35 35 2c 2e 35 29 7d 2e 63 75 73 74 6f 6d 2d 63 68 65 63 6b 62 6f 78 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 64 69 73 61 62 6c 65 64 3a 69 6e 64 65 74 65 72 6d 69 6e 61 74 65 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 31 32 33 2c 32 35 35 2c 2e 35 29 7d 2e 63 75 73 74 6f 6d 2d 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 2e 63 75 73 74 6f 6d 2d 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74
                                                                                                                                                                                                                                              Data Ascii: 23,255,.5)}.custom-checkbox .custom-control-input:disabled:indeterminate~.custom-control-label:before{background-color:rgba(0,123,255,.5)}.custom-radio .custom-control-label:before{border-radius:50%}.custom-radio .custom-control-input:checked~.custom-cont
                                                                                                                                                                                                                                              2024-04-23 03:40:42 UTC16384INData Raw: 6e 6b 2c 2e 6e 61 76 62 61 72 2d 6c 69 67 68 74 20 2e 6e 61 76 62 61 72 2d 6e 61 76 20 2e 6e 61 76 2d 6c 69 6e 6b 2e 61 63 74 69 76 65 2c 2e 6e 61 76 62 61 72 2d 6c 69 67 68 74 20 2e 6e 61 76 62 61 72 2d 6e 61 76 20 2e 6e 61 76 2d 6c 69 6e 6b 2e 73 68 6f 77 2c 2e 6e 61 76 62 61 72 2d 6c 69 67 68 74 20 2e 6e 61 76 62 61 72 2d 6e 61 76 20 2e 73 68 6f 77 3e 2e 6e 61 76 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 39 29 7d 2e 6e 61 76 62 61 72 2d 6c 69 67 68 74 20 2e 6e 61 76 62 61 72 2d 74 6f 67 67 6c 65 72 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 29 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 6e 61 76 62 61 72 2d 6c 69 67 68 74 20 2e 6e 61 76 62 61 72 2d 74 6f 67 67
                                                                                                                                                                                                                                              Data Ascii: nk,.navbar-light .navbar-nav .nav-link.active,.navbar-light .navbar-nav .nav-link.show,.navbar-light .navbar-nav .show>.nav-link{color:rgba(0,0,0,.9)}.navbar-light .navbar-toggler{color:rgba(0,0,0,.5);border-color:rgba(0,0,0,.1)}.navbar-light .navbar-togg
                                                                                                                                                                                                                                              2024-04-23 03:40:42 UTC16384INData Raw: 6d 2d 61 63 74 69 6f 6e 2e 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 38 33 64 34 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 33 38 33 64 34 31 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2d 73 75 63 63 65 73 73 7b 63 6f 6c 6f 72 3a 23 31 35 35 37 32 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 63 33 65 36 63 62 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2d 73 75 63 63 65 73 73 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2d 61 63 74 69 6f 6e 3a 66 6f 63 75 73 2c 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2d 73 75 63 63 65 73 73 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2d 61 63 74 69 6f 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 35 35
                                                                                                                                                                                                                                              Data Ascii: m-action.active{color:#fff;background-color:#383d41;border-color:#383d41}.list-group-item-success{color:#155724;background-color:#c3e6cb}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#155


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49764 | 40.127.169.103 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-04-23 03:41:13 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BkF6WMT3gCc+p+d&MD=uobSk+lL HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                              Host: slscr.update.microsoft.com
2024-04-23 03:41:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                              Expires: -1
                                                                                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                              ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                                                              MS-CorrelationId: dad34f14-1d0a-42c2-8dfa-2b89d1b5a279
                                                                                                                                                                                                                                              MS-RequestId: 0ad03cb2-1e25-47d3-87ca-9b6b6b9c588e
                                                                                                                                                                                                                                              MS-CV: 6JW4dNNHGkWl//JA.0
                                                                                                                                                                                                                                              X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              Date: Tue, 23 Apr 2024 03:41:13 GMT
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Length: 25457


                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                              Start time:05:40:14
                                                                                                                                                                                                                                              Start date:23/04/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\BitTorrent-7.6.exe"
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              File size:6'053'744 bytes
                                                                                                                                                                                                                                              MD5 hash:DED1F11C105F1EF534E1D3F08D192127
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                              Start time:05:40:32
                                                                                                                                                                                                                                              Start date:23/04/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\BitTorrent-7.6.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\BitTorrent-7.6.exe" /PERFORMINSTALL 30207 "C:\Program Files (x86)\BitTorrent" 1707618228
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              File size:6'053'744 bytes
                                                                                                                                                                                                                                              MD5 hash:DED1F11C105F1EF534E1D3F08D192127
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                              Start time:05:40:37
                                                                                                                                                                                                                                              Start date:23/04/2024
                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:BitTorrent.exe /NOINSTALL /BRINGTOFRONT
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              File size:6'053'744 bytes
                                                                                                                                                                                                                                              MD5 hash:3185EE10379B592B64AD9BC098C9309C
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              • Detection: 23%, ReversingLabs
• Detection: 28%, Virustotal
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:8
Start time:05:40:49
Start date:23/04/2024
Path:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
Imagebase:0x400000
File size:6'053'744 bytes
MD5 hash:3185EE10379B592B64AD9BC098C9309C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:9
Start time:05:40:58
Start date:23/04/2024
Path:C:\Program Files (x86)\BitTorrent\BitTorrent.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
Imagebase:0x400000
File size:6'053'744 bytes
MD5 hash:3185EE10379B592B64AD9BC098C9309C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Execution Graph

Execution Coverage:5.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:15.4%
Total number of Nodes:1702
Total number of Limit Nodes:22
calls 17979->17984 17980 4b34d6 GetCurrentProcess 17980->17993 17982 4b3723 17981->17982 18060 48b0a6 17981->18060 17982->17899 17984->17979 17985 48b064 543 API calls 17985->17993 17988 48b0a6 543 API calls 17989 4b3721 17988->17989 17989->17899 17991 4b353c _strncoll 17992 4b3550 atoi 17991->17992 17991->17993 17992->17993 17993->17975 17993->17979 17993->17980 17993->17985 17993->17991 17994 48a63b 5 API calls 17993->17994 18032 4a10e3 GetModuleHandleA 17993->18032 18036 443ca2 17993->18036 18046 48930d 17993->18046 18053 41fb6b 17993->18053 17994->17993 18114 466aa1 17995->18114 17998 4dcb0b GetCurrentProcessId 18121 426c8c 17998->18121 18000 4dcb1c 18127 468618 ??3@YAXPAX 18000->18127 18002 4dcab7 18002->17900 18004 4b5fa3 18003->18004 18005 4b5f71 18003->18005 18004->17903 18006 4b5f87 18005->18006 18130 4b5b89 18005->18130 18006->18004 18008 4b5b89 548 API calls 18006->18008 18008->18004 18009->17910 18167 48ac26 18010->18167 18012 4892ce 18013 48c4d5 3 API calls 18012->18013 18014 4892d5 18013->18014 18173 468618 ??3@YAXPAX 18014->18173 18016 42c42a 18017 48a63b 18016->18017 18174 48a5a0 18017->18174 18021 42c275 CreateProcessW 18020->18021 18022 42c23b GetCurrentProcess GetCurrentProcess DuplicateHandle 18020->18022 18024 42c2a5 18021->18024 18025 42c2bd 18021->18025 18023 42c25b 18022->18023 18023->18021 18026 42c2b3 CloseHandle 18024->18026 18027 42c2ac 18024->18027 18028 42c2c1 CloseHandle 18025->18028 18029 42c2c6 18025->18029 18030 42c2b8 CloseHandle 18026->18030 18027->18030 18028->18029 18029->17919 18030->18025 18031->17913 18033 4a10ff GetProcAddress 18032->18033 18034 4a10f4 LoadLibraryA 18032->18034 18035 4a1107 18033->18035 18034->18033 18034->18035 18035->17993 18063 443bd8 18036->18063 18038 443cbb 18039 443cc2 18038->18039 18040 443cce 18038->18040 18066 442a06 18039->18066 18069 442aa0 18040->18069 18044 442a06 RegCloseKey 18045 443cc7 18044->18045 18045->17993 18072 48abb9 18046->18072 18050 48931b 18084 468618 ??3@YAXPAX 18050->18084 
18052 489329 18052->17993 18085 48a5df 18053->18085 18059 41fba3 18059->17993 18110 48bc64 18060->18110 18062 48b0be 18062->17988 18064 442a06 RegCloseKey 18063->18064 18065 443be0 RegOpenKeyExW 18064->18065 18065->18038 18067 442a0f RegCloseKey 18066->18067 18068 442a19 18066->18068 18067->18068 18068->18045 18070 442a1b RegQueryValueExW 18069->18070 18071 442ab7 18070->18071 18071->18044 18073 48abca WideCharToMultiByte 18072->18073 18075 489314 18072->18075 18074 48abf1 18073->18074 18073->18075 18076 468620 546 API calls 18074->18076 18078 48c4d5 18075->18078 18077 48abfc WideCharToMultiByte 18076->18077 18077->18075 18079 48c51c 18078->18079 18080 48c4de 18078->18080 18079->18050 18080->18079 18081 48c4e8 TlsGetValue 18080->18081 18082 48c518 18081->18082 18083 48c4f6 malloc TlsSetValue 18081->18083 18082->18050 18083->18082 18084->18052 18086 48a39e WSAAddressToStringA GetLastError memset GetLastError htonl 18085->18086 18087 48a61b 18086->18087 18088 48b147 548 API calls 18087->18088 18089 41fb86 18088->18089 18090 41f9c3 18089->18090 18091 41f9d6 18090->18091 18092 41f9e6 18090->18092 18091->18092 18093 43c3b8 RtlEnterCriticalSection RtlEnterCriticalSection GetCurrentThreadId GetCurrentThreadId RtlLeaveCriticalSection 18092->18093 18094 41f9ff 18093->18094 18095 4a10d5 GetLocalTime 18094->18095 18098 41fa07 18095->18098 18096 41fa21 18097 4a0e4d GetLocalTime 18096->18097 18099 41fa35 18097->18099 18098->18096 18100 41f8f7 548 API calls 18098->18100 18101 4a0eba GetSystemTime GetTickCount 18099->18101 18100->18096 18102 41fa44 18101->18102 18103 43c436 RtlEnterCriticalSection GetCurrentThreadId RtlLeaveCriticalSection RtlLeaveCriticalSection 18102->18103 18104 41fa7c 18103->18104 18105 468618 ??3@YAXPAX 18104->18105 18106 41fa85 18105->18106 18107 41f96e InterlockedExchange PostMessageW PostMessageW 18106->18107 18108 41fa8f 18107->18108 18109 468618 ??3@YAXPAX 18108->18109 18109->18059 18111 48bc7b 18110->18111 18112 48bc8e memcpy 18110->18112 18113 48bc10 
547 API calls 18111->18113 18112->18062 18113->18112 18115 466ab3 18114->18115 18116 466af2 18115->18116 18117 466ab8 LoadLibraryA 18115->18117 18118 466ad1 GetProcAddress 18115->18118 18116->17998 18116->18002 18117->18115 18119 466aea GetLastError 18117->18119 18120 466add 18118->18120 18119->18116 18120->18115 18122 426cad 18121->18122 18128 469300 GetSystemTime 18122->18128 18124 426cb8 18125 40471b 548 API calls 18124->18125 18126 426d3f 18125->18126 18126->18000 18127->18002 18129 469331 18128->18129 18129->18124 18131 4b5b9e 18130->18131 18132 4b5b97 18130->18132 18134 4b5bad 18131->18134 18135 4b5be3 ShowWindow 18131->18135 18141 4af73f 18132->18141 18145 4b48f9 18134->18145 18137 4b5bed 18135->18137 18148 4b406f 18137->18148 18142 4af769 18141->18142 18143 4af749 18141->18143 18142->18131 18144 4af754 ShowWindow 18143->18144 18144->18142 18144->18144 18146 4b38f1 548 API calls 18145->18146 18147 4b4901 ShowWindow SetForegroundWindow 18146->18147 18147->18137 18150 4b408e 18148->18150 18149 4b40bd memset 18153 4b4129 18149->18153 18150->18149 18152 45c465 RegCloseKey RegQueryValueExW RegOpenKeyExW 18150->18152 18154 4b40ab 18152->18154 18156 4b4172 18153->18156 18157 4b4216 18153->18157 18166 4b414b 18153->18166 18154->18149 18158 4a0eba GetSystemTime GetTickCount 18154->18158 18155 4b427a 18155->18006 18163 421e44 wcschr 18156->18163 18165 4b4199 18156->18165 18160 48c11e 546 API calls 18157->18160 18158->18149 18159 4b4274 Shell_NotifyIconW 18159->18155 18160->18166 18161 48e7a8 6 API calls 18162 4b41e0 18161->18162 18164 48c11e 546 API calls 18162->18164 18163->18165 18164->18166 18165->18161 18166->18155 18166->18159 18168 48ac2d 18167->18168 18169 48ac31 18167->18169 18168->18012 18170 468620 547 API calls 18169->18170 18171 48ac4c MultiByteToWideChar 18170->18171 18172 48ac63 18171->18172 18172->18012 18173->18016 18177 48a39e 18174->18177 18181 48a3ae 18177->18181 18178 42c43d GetModuleFileNameW 18178->17918 18179 489fec WSAAddressToStringA 
GetLastError memset GetLastError htonl 18179->18181 18180 489875 GetLastError memset 18180->18181 18181->18178 18181->18179 18181->18180 18182 489825 GetLastError memset 18181->18182 18182->18181 18184 437200 GetCurrentThread SetThreadPriority 18183->18184 18185 43721a 18183->18185 18186 437237 GetCurrentThread SetThreadPriority 18184->18186 18187 43721f GetCurrentThread SetThreadPriority 18185->18187 18188 43723c 18185->18188 18186->18188 18187->18186 18188->17923 18197 439c29 18189->18197 18190 43c3b8 5 API calls 18190->18197 18191 43c436 4 API calls 18192 439c52 WaitForSingleObject 18191->18192 18194 43c3b8 5 API calls 18192->18194 18193 439d78 18196 43c436 4 API calls 18193->18196 18194->18197 18198 439d7f PostMessageW 18196->18198 18197->18190 18197->18191 18197->18193 18199 43c436 4 API calls 18197->18199 18200 4371fa 6 API calls 18197->18200 18201 438a7e 18197->18201 18198->17926 18199->18197 18200->18197 18202 438aa2 18201->18202 18203 438a96 18201->18203 18202->18197 18203->18202 18203->18203 18204 438aa9 ??2@YAPAXI 18203->18204 18205 438ad0 18204->18205 18209 4a0e81 18205->18209 18208 438af3 ??3@YAXPAX 18208->18202 18210 4a0e8a 18209->18210 18211 4a0eb1 GetTickCount 18210->18211 18212 4a0e95 18210->18212 18211->18208 18212->18208 18217 46f364 18213->18217 18230 46f4e0 18213->18230 18214 46f366 GetTickCount 18215 46f383 Sleep 18214->18215 18214->18217 18215->18217 18217->18214 18217->18215 18221 46b834 6 API calls 18217->18221 18224 4a0eba 2 API calls 18217->18224 18225 46f3f9 18217->18225 18217->18230 18236 4b1615 18217->18236 18240 46b690 WSAWaitForMultipleEvents 18217->18240 18241 4a0eba 18217->18241 18250 46f2ee 18217->18250 18293 46cc1b 18217->18293 18299 46c8a5 18217->18299 18306 4232e1 18217->18306 18309 4a01a7 18217->18309 18312 46f29c 18217->18312 18220 46f39a GetTickCount 18220->18217 18221->18217 18224->18217 18254 4e15ee 18225->18254 18265 49b2c7 18225->18265 18233 48b74d 18230->18233 18613 468618 ??3@YAXPAX 18233->18613 18235 46f4fb 18237 
4b161e 18236->18237 18239 4b1623 18236->18239 18327 4b156e 18237->18327 18239->18217 18240->18217 18242 4a0ec9 18241->18242 18243 4a0efd 18241->18243 18245 4a0e81 GetTickCount 18242->18245 18244 4a0e81 GetTickCount 18243->18244 18246 4a0f02 __aulldiv 18244->18246 18247 4a0ed7 __aulldiv 18245->18247 18246->18220 18248 469300 GetSystemTime 18247->18248 18249 4a0eec 18248->18249 18249->18243 18251 46f2f5 18250->18251 18253 46f335 18250->18253 18252 46f31d WSAWaitForMultipleEvents 18251->18252 18252->18251 18252->18253 18253->18217 18255 4e15f3 18254->18255 18259 4e16d8 18255->18259 18337 4e15b6 18255->18337 18257 4e1695 18258 48bc10 548 API calls 18257->18258 18263 4e16a8 18257->18263 18258->18263 18259->18225 18262 4e161f 18262->18257 18262->18259 18341 48b5c5 18262->18341 18263->18259 18344 4dfe41 18263->18344 18364 4e0c68 18263->18364 18266 49b2dc 18265->18266 18267 49b2f5 GetTickCount 18265->18267 18266->18267 18268 49b325 18267->18268 18273 49b30a 18267->18273 18270 49b331 ??2@YAPAXI 18268->18270 18292 49b389 18268->18292 18271 49b34f 18270->18271 18272 49b344 18270->18272 18275 49b38d 18271->18275 18276 49b35d 18271->18276 18395 49a405 18272->18395 18273->18268 18376 49b021 18273->18376 18410 49b1af 18275->18410 18401 49a057 18276->18401 18282 49b398 18286 49a057 ??3@YAXPAX 18282->18286 18283 49b3c6 18429 49a7d8 18283->18429 18284 49b37a 18407 49a080 18284->18407 18287 49b3aa 18286->18287 18288 49adc4 546 API calls 18287->18288 18290 49b3b5 18288->18290 18291 49a080 ??3@YAXPAX 18290->18291 18291->18292 18292->18217 18298 46cc2e 18293->18298 18294 46cfdf 18294->18217 18298->18294 18439 4df6f4 18298->18439 18443 487eec 18298->18443 18447 463798 18298->18447 18461 468618 ??3@YAXPAX 18299->18461 18301 46c8b2 18302 46c8e2 18301->18302 18462 468618 ??3@YAXPAX 18301->18462 18305 46c906 18302->18305 18463 468618 ??3@YAXPAX 18302->18463 18305->18217 18307 4232f3 18306->18307 18308 4232ea HeapCompact 18306->18308 18307->18217 18308->18307 18310 4a01b9 18309->18310 18311 
4a01b0 HeapCompact 18309->18311 18310->18217 18311->18310 18313 46f2cc 18312->18313 18314 46f2a8 18312->18314 18601 447372 18313->18601 18464 43b01b 18314->18464 18323 46f2c1 18477 41fcd7 18323->18477 18324 46f2bc 18475 499385 GetTickCount 18324->18475 18328 4b157c 18327->18328 18329 4b15e8 18328->18329 18330 443bd8 RegCloseKey RegOpenKeyExW 18328->18330 18329->18239 18331 4b15a1 18330->18331 18332 4b15b8 18331->18332 18333 442beb RegQueryInfoKeyW 18331->18333 18332->18329 18334 443bd8 RegCloseKey RegOpenKeyExW 18332->18334 18333->18332 18335 4b15d1 18334->18335 18335->18329 18336 442beb RegQueryInfoKeyW 18335->18336 18336->18329 18340 4e15bc 18337->18340 18338 4e15ec 18338->18262 18339 4e00fb 6 API calls 18339->18340 18340->18338 18340->18339 18342 48b5d3 memcpy 18341->18342 18343 48b5f5 18341->18343 18342->18343 18343->18262 18345 4dfe49 18344->18345 18346 4dfb96 6 API calls 18345->18346 18347 4dfe4e 18346->18347 18348 4dfe63 18347->18348 18349 4df65a htons htons 18347->18349 18352 4e0077 18348->18352 18354 4e0029 18348->18354 18361 4df65a htons htons 18348->18361 18362 4dff82 18348->18362 18350 4dfe5b 18349->18350 18353 4dfb0a htons htons 18350->18353 18351 4df65a htons htons 18355 4e007e 18351->18355 18352->18351 18353->18348 18356 4e003e 18354->18356 18357 4df65a htons htons 18354->18357 18355->18263 18356->18352 18360 4df98f 6 API calls 18356->18360 18358 4e0036 18357->18358 18359 4dfb0a htons htons 18358->18359 18359->18356 18360->18352 18361->18362 18362->18354 18363 4df9a8 6 API calls 18362->18363 18363->18354 18365 4e0c7b 18364->18365 18366 4df6bf htons htons 18365->18366 18367 4e0c86 18366->18367 18368 468618 ??3@YAXPAX 18367->18368 18369 4e0ccf 18367->18369 18368->18367 18370 468618 ??3@YAXPAX 18369->18370 18371 4e0cea 18369->18371 18370->18369 18372 468618 ??3@YAXPAX 18371->18372 18373 4e0cf7 18372->18373 18374 468618 ??3@YAXPAX 18373->18374 18375 4e0d04 18374->18375 18377 49b033 18376->18377 18382 49b069 18376->18382 18380 49a057 ??3@YAXPAX 
18377->18380 18394 49b05e 18377->18394 18378 49b0d3 18379 49a7d8 548 API calls 18378->18379 18379->18394 18381 49b04b 18380->18381 18383 49adc4 548 API calls 18381->18383 18382->18378 18385 49a798 _strcmpi 18382->18385 18388 49b08a 18382->18388 18382->18394 18384 49b056 18383->18384 18386 49a080 ??3@YAXPAX 18384->18386 18385->18388 18386->18394 18387 49b0a5 18389 49a057 ??3@YAXPAX 18387->18389 18388->18378 18388->18387 18388->18394 18390 49b0b7 18389->18390 18391 49adc4 548 API calls 18390->18391 18392 49b0c2 18391->18392 18393 49a080 ??3@YAXPAX 18392->18393 18393->18394 18394->18273 18396 49a41a 18395->18396 18397 48aac4 ??3@YAXPAX 18396->18397 18398 49a456 18397->18398 18399 48bc64 548 API calls 18398->18399 18400 49a47d 18399->18400 18400->18271 18402 48aac4 ??3@YAXPAX 18401->18402 18403 49a073 18402->18403 18404 49adc4 18403->18404 18405 49a7d8 548 API calls 18404->18405 18406 49add1 18405->18406 18406->18284 18408 48aba3 ??3@YAXPAX 18407->18408 18409 49a091 18408->18409 18409->18292 18411 49b1c0 18410->18411 18412 470646 548 API calls 18411->18412 18413 49b1cb 18412->18413 18414 49b1dc 18413->18414 18415 49b1cf 18413->18415 18417 48817b 15 API calls 18414->18417 18416 470925 ??3@YAXPAX 18415->18416 18418 49b1d7 18416->18418 18419 49b1f1 18417->18419 18418->18282 18418->18283 18420 49b24b 18419->18420 18423 49b20c 18419->18423 18421 49ad36 548 API calls 18420->18421 18422 49b222 18421->18422 18424 470925 ??3@YAXPAX 18422->18424 18425 49b232 18423->18425 18426 49b215 18423->18426 18424->18418 18427 43b31b 14 API calls 18425->18427 18428 41fb6b 548 API calls 18426->18428 18427->18422 18428->18422 18430 49a7ec _strcmpi 18429->18430 18434 49a86a 18429->18434 18431 49a808 18430->18431 18431->18430 18433 49a51e htonl 18431->18433 18431->18434 18436 48bc64 547 API calls 18431->18436 18432 49a905 18432->18292 18433->18431 18434->18432 18435 49a6cf 547 API calls 18434->18435 18437 49a057 ??3@YAXPAX 18434->18437 18438 49a080 ??3@YAXPAX 18434->18438 18435->18434 
18436->18431 18437->18434 18438->18434 18440 4dec33 htons htons 18439->18440 18441 4df710 memcpy 18440->18441 18441->18298 18444 487efa htons 18443->18444 18445 487f27 htons 18443->18445 18446 487f41 18444->18446 18445->18446 18446->18298 18448 4637a8 18447->18448 18449 4637ea htonl 18448->18449 18459 4637c1 18448->18459 18450 46380b 18449->18450 18452 46381e 18449->18452 18451 49f45a strtoul 18450->18451 18451->18452 18453 49f45a strtoul 18452->18453 18454 463858 18452->18454 18452->18459 18453->18454 18455 49f45a strtoul 18454->18455 18456 463891 18454->18456 18454->18459 18455->18456 18457 49f45a strtoul 18456->18457 18458 4638c3 18456->18458 18456->18459 18457->18458 18458->18459 18460 49f45a strtoul 18458->18460 18459->18298 18460->18459 18461->18301 18462->18301 18463->18302 18465 43b05c 18464->18465 18466 43b024 18464->18466 18470 47ee67 18465->18470 18467 43c3b8 RtlEnterCriticalSection RtlEnterCriticalSection GetCurrentThreadId GetCurrentThreadId RtlLeaveCriticalSection 18466->18467 18468 43b032 18467->18468 18468->18465 18469 43af8d ??3@YAXPAX 18468->18469 18469->18468 18472 47edff 18470->18472 18471 46f2b2 18471->18323 18471->18324 18472->18471 18473 47ee4f 18472->18473 18473->18472 18474 47bdec 548 API calls 18473->18474 18474->18473 18476 4993aa __aulldiv 18475->18476 18476->18323 18478 48faa6 18477->18478 18479 4045f5 547 API calls 18478->18479 18482 48fb14 18478->18482 18483 48fad4 18479->18483 18480 48fe99 18485 4379c0 9 API calls 18480->18485 18481 48fdf0 18489 48cdbe 547 API calls 18481->18489 18508 48fbd4 18481->18508 18482->18481 18490 48fb4d 18482->18490 18482->18508 18483->18482 18497 41cb62 547 API calls 18483->18497 18484 46b834 6 API calls 18486 48fe4e 18484->18486 18487 48fe9e 18485->18487 18493 48fe53 18486->18493 18488 48ffc2 18487->18488 18491 437dc5 16 API calls 18487->18491 18494 4a0e81 GetTickCount 18488->18494 18573 490b9d 18488->18573 18500 48fe1e 18489->18500 18492 48fb8f ??2@YAPAXI 18490->18492 18490->18508 18510 48fbde 
18490->18510 18529 48feb2 18491->18529 18496 48fba4 18492->18496 18505 48fbaf 18492->18505 18502 469300 GetSystemTime 18493->18502 18498 48ffef 18494->18498 18495 48ff16 18501 48ffa1 18495->18501 18516 48206c 547 API calls 18495->18516 18499 48930d 547 API calls 18496->18499 18497->18483 18503 490013 18498->18503 18549 490024 18498->18549 18499->18505 18514 41fb6b 547 API calls 18500->18514 18511 48ca94 547 API calls 18501->18511 18509 48fe5f 18502->18509 18512 40c21e 547 API calls 18503->18512 18504 48b5c5 memcpy 18504->18529 18507 48fbc3 18505->18507 18505->18508 18506 4900f0 18513 49019d 18506->18513 18519 490107 18506->18519 18515 4b165e PostMessageW 18507->18515 18508->18480 18508->18484 18509->18480 18523 46b834 6 API calls 18509->18523 18524 426c8c 547 API calls 18510->18524 18511->18488 18518 490018 18512->18518 18532 490193 18513->18532 18561 4901c4 18513->18561 18514->18508 18521 48fbcf 18515->18521 18517 48ff68 18516->18517 18522 4822c7 547 API calls 18517->18522 18518->18549 18525 4a1487 15 API calls 18519->18525 18520 40c6bf 547 API calls 18520->18549 18521->18508 18527 48ff90 18522->18527 18528 48fe76 18523->18528 18536 48fc27 18524->18536 18537 49010c 18525->18537 18526 408f9c 8 API calls 18526->18529 18530 4822c7 547 API calls 18527->18530 18531 469300 GetSystemTime 18528->18531 18529->18495 18529->18504 18529->18526 18530->18501 18538 48fe7d 18531->18538 18532->18513 18533 4a12c8 7 API calls 18532->18533 18533->18561 18534 4150a8 547 API calls 18534->18549 18535 418e8a 547 API calls 18535->18549 18539 40471b 547 API calls 18536->18539 18546 48fc91 18536->18546 18537->18532 18540 41a3d7 547 API calls 18537->18540 18543 41304f 547 API calls 18537->18543 18538->18480 18542 48fc76 18539->18542 18540->18537 18541 47bbdd 547 API calls 18541->18549 18545 49f2c1 547 API calls 18542->18545 18543->18537 18544 4902f2 18560 48de8a 547 API calls 18544->18560 18599 490324 18544->18599 18551 48fc85 18545->18551 18553 48930d 547 API calls 18546->18553 18547 4b49dc 
9 API calls 18555 490a29 18547->18555 18548 4087cb ??3@YAXPAX ??3@YAXPAX 18548->18549 18549->18506 18549->18520 18549->18534 18549->18535 18549->18541 18549->18548 18550 48cb9d ??3@YAXPAX ??3@YAXPAX 18556 4902c9 18550->18556 18557 48b801 ??3@YAXPAX 18551->18557 18552 4164af 547 API calls 18552->18561 18554 48fcc0 18553->18554 18564 48c100 547 API calls 18554->18564 18558 436934 547 API calls 18555->18558 18556->18544 18556->18550 18556->18599 18557->18546 18562 490a2e 18558->18562 18559 48cb9d ??3@YAXPAX ??3@YAXPAX 18559->18561 18560->18544 18561->18552 18561->18556 18561->18559 18566 48b5c5 memcpy 18561->18566 18561->18573 18574 48de01 547 API calls 18561->18574 18561->18599 18565 48eb21 547 API calls 18562->18565 18563 463798 htonl strtoul 18563->18599 18570 48fceb 18564->18570 18571 490a33 18565->18571 18566->18561 18567 48fd26 18577 408be7 ??2@YAPAXI InterlockedIncrement 18567->18577 18568 490a8b 18569 490af2 18568->18569 18572 4a0eba GetSystemTime GetTickCount 18568->18572 18569->18573 18579 493ba1 memcpy 18569->18579 18570->18567 18575 468618 ??3@YAXPAX 18570->18575 18571->18568 18576 40cd96 547 API calls 18571->18576 18578 490aa7 18572->18578 18573->18313 18574->18561 18575->18567 18576->18571 18580 48fd45 18577->18580 18581 4a2051 547 API calls 18578->18581 18591 490b12 __allrem 18579->18591 18585 4475bf 547 API calls 18580->18585 18582 490abb 18581->18582 18583 48930d 547 API calls 18582->18583 18586 490ac6 18583->18586 18584 490344 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18584->18547 18587 48fd66 18585->18587 18588 48c100 547 API calls 18586->18588 18589 48fd74 18587->18589 18592 40757e InterlockedDecrement 18587->18592 18590 490adb 18588->18590 18589->18508 18594 48930d 547 API calls 18589->18594 18596 4a15a7 GetModuleHandleA LoadLibraryA GetProcAddress InternetSetCookieA 18590->18596 18591->18573 18593 490b5f 18591->18593 18595 48b763 memmove 18591->18595 18592->18589 18593->18573 18598 43683d 547 API calls 18593->18598 18597 48fd7f 18594->18597 
18595->18593 18596->18569 18600 445a63 547 API calls 18597->18600 18598->18573 18599->18563 18599->18584 18600->18508 18603 4472c6 18601->18603 18602 44736e 18609 46eae4 18602->18609 18603->18602 18607 447338 18603->18607 18608 48bc64 548 API calls 18603->18608 18604 447366 18605 48b74d ??3@YAXPAX 18604->18605 18605->18602 18606 445be5 memcpy 18606->18607 18607->18604 18607->18606 18608->18603 18611 46eae6 18609->18611 18610 46eb30 18610->18217 18611->18610 18612 46ea5b 548 API calls 18611->18612 18612->18611 18613->18235 18615 421e2f strchr 18614->18615 18616 421e2c 18614->18616 18615->18616 18616->17816 18618 43dc6f 18617->18618 18621 43ccb8 18618->18621 18622 43cda2 18621->18622 18623 43ccca ??2@YAPAXI 18621->18623 18622->17716 18624 43cce6 memset 18623->18624 18625 43ccf4 18623->18625 18626 43ccf6 ??2@YAPAXI 18624->18626 18625->18626 18627 43cd09 18626->18627 18628 43cd0f ??2@YAPAXI 18626->18628 18627->18628 18629 43cd22 18628->18629 18630 43cd28 memset 18628->18630 18629->18630 18634 43cbec 18630->18634 18633 43cd61 memset 18633->18622 18639 43cb3d 18634->18639 18637 43cc0a 18637->18622 18637->18633 18638 466aa1 3 API calls 18638->18637 18640 43cb54 GetVersionExW 18639->18640 18642 43cb4d 18639->18642 18641 43cb73 18640->18641 18640->18642 18641->18642 18643 43cbaf LoadLibraryA 18641->18643 18642->18637 18642->18638 18643->18642 18644 43cbc2 GetProcAddress 18643->18644 18645 43cbd2 18644->18645 18646 43cbda FreeLibrary 18644->18646 18645->18646 18647 43cbe5 18645->18647 18646->18642 18647->18642 18649 445bb8 18648->18649 18650 48bc64 548 API calls 18649->18650 18651 445be3 18650->18651 18651->17689 18653 44bf24 18652->18653 18654 44bf0b 18652->18654 18653->17724 18658 44c051 18653->18658 18655 44bf0f InterlockedIncrement 18654->18655 18656 44bf19 18654->18656 18655->18656 18656->18653 18657 40757e InterlockedDecrement 18656->18657 18657->18653 18671 46fc81 18658->18671 18660 44c067 18661 44c07d 18660->18661 18662 44c06f GetLastError 18660->18662 18661->17724 
18674 44c039 18662->18674 18665 44bf77 18664->18665 18666 44bf72 18664->18666 18668 44bf85 18665->18668 18669 44bf7e ??3@YAXPAX 18665->18669 18667 40757e InterlockedDecrement 18666->18667 18667->18665 18668->17734 18669->18668 18670->17738 18672 46fc8b CreateFileW 18671->18672 18672->18660 18679 46b906 18674->18679 18676 44c045 18684 44bff1 18676->18684 18680 46b913 18679->18680 18681 46b94e 18680->18681 18688 4a1a2e 18680->18688 18681->18676 18685 44c005 18684->18685 18694 44bf8b 18685->18694 18689 4a1a5a FormatMessageW 18688->18689 18690 4a1a4a GetModuleHandleA 18688->18690 18691 4a1a70 18689->18691 18693 46ba46 18689->18693 18690->18689 18692 48a63b 5 API calls 18691->18692 18692->18693 18693->18676 18706 468618 ??3@YAXPAX 18694->18706 18696 44bf99 18697 44bfa6 18696->18697 18700 44bfab 18696->18700 18707 46f914 18697->18707 18699 44bfbc 18702 48b74d ??3@YAXPAX 18699->18702 18700->18699 18701 46b834 6 API calls 18700->18701 18701->18699 18703 44bfd2 18702->18703 18704 44bfe5 InternetCloseHandle 18703->18704 18705 44bfee 18703->18705 18704->18705 18705->18661 18706->18696 18708 46f8fe 18707->18708 18709 46f912 18708->18709 18710 46f908 CloseHandle 18708->18710 18709->18700 18710->18709 18714 46bd77 18711->18714 18713 46be27 18713->17741 18719 48bc4e 18714->18719 18717 48bc64 548 API calls 18718 46bdb9 18717->18718 18718->18713 18720 46bda1 18719->18720 18721 48bc57 18719->18721 18720->18717 18722 48bc10 548 API calls 18721->18722 18722->18720 18723->17745 18725 48aba3 ??3@YAXPAX 18724->18725 18726 4708bd 18725->18726 18727 48aba3 ??3@YAXPAX 18726->18727 18728 4708c7 18727->18728 18729 48aba3 ??3@YAXPAX 18728->18729 18730 4708cf 18729->18730 18731 48aba3 ??3@YAXPAX 18730->18731 18732 4708d7 18731->18732 18733 48aba3 ??3@YAXPAX 18732->18733 18734 4708df 18733->18734 18735 48aba3 ??3@YAXPAX 18734->18735 18736 4708e7 18735->18736 18737 48aba3 ??3@YAXPAX 18736->18737 18738 4708ef 18737->18738 18739 48aba3 ??3@YAXPAX 18738->18739 18740 4708f7 18739->18740 18741 48aba3 
??3@YAXPAX 18740->18741 18742 4708ff 18741->18742 18743 48aba3 ??3@YAXPAX 18742->18743 18744 470906 18743->18744 18745 48aba3 ??3@YAXPAX 18744->18745 18746 47090e 18745->18746 18749 470874 18746->18749 18750 4708a0 18749->18750 18751 47087f 18749->18751 18753 48aba3 ??3@YAXPAX 18750->18753 18751->18750 18752 468618 ??3@YAXPAX 18751->18752 18752->18751 18754 4708ae 18753->18754 18768 5c3c00 18771 5c3c18 VirtualProtect 18768->18771 18770 5c47aa 18771->18770 18779 4131de 18789 43f4d0 18779->18789 18790 43f4e4 18789->18790 18792 43f4eb 18790->18792 18823 485b99 18790->18823 18828 43e95a 18792->18828 18795 43f526 GetFileAttributesW 18799 43f53c 18795->18799 18796 43f57a 18836 409dc2 18796->18836 18799->18795 18799->18796 18800 43f55a 18799->18800 18801 43f560 GetVolumeInformationW 18799->18801 18800->18796 18801->18796 18840 4a03b6 18823->18840 18825 485ba7 18843 468618 ??3@YAXPAX 18825->18843 18827 485bbb 18827->18792 18829 43e968 18828->18829 18830 48bc64 548 API calls 18829->18830 18834 43e984 18830->18834 18831 43e9c6 18851 468618 ??3@YAXPAX 18831->18851 18833 43e9cf 18833->18795 18833->18796 18834->18831 18835 48bc64 548 API calls 18834->18835 18835->18834 18837 409ddf 18836->18837 18839 409dcd 18836->18839 18839->18837 18852 468618 ??3@YAXPAX 18839->18852 18844 4a02e3 18840->18844 18842 4a03bf 18842->18825 18843->18827 18845 4a0399 18844->18845 18846 4a02f6 18844->18846 18845->18842 18846->18845 18847 468620 546 API calls 18846->18847 18848 4a035d memcpy 18847->18848 18849 4a0384 memcpy 18848->18849 18850 4a0375 18848->18850 18849->18845 18850->18849 18851->18833 18852->18839 20017 4a0128 20018 46680b 20017->20018 20019 4a014d InterlockedExchange 20018->20019 20020 48df2a 20021 46b834 6 API calls 20020->20021 20022 48df35 20021->20022 20023 469300 GetSystemTime 20022->20023 20025 40add7 20022->20025 20023->20022 20026 409777 548 API calls 20025->20026 20027 40ade4 20026->20027 20027->20022 20028 4232a6 20029 42326f HeapFree 20028->20029 20030 408865 20031 4087ad 
GetLastError 20030->20031 20032 40886e 20031->20032 20033 4087ad GetLastError 20032->20033 20034 408877 20033->20034 20035 4667a3 20036 48c4d5 3 API calls 20035->20036 20037 4667ac 20036->20037 20042 4667e8 CallNextHookEx 20037->20042 20043 4aeca6 20037->20043 20040 4667d0 SetPropA 20041 48c4d5 3 API calls 20040->20041 20041->20042 20044 4aecbc 20043->20044 20048 4aecb5 20043->20048 20053 464899 GetPropW 20044->20053 20046 4aecc9 20047 4aecd5 ??2@YAPAXI 20046->20047 20052 4aed0d 20046->20052 20050 4aece3 20047->20050 20048->20040 20049 4aed20 ??2@YAPAXI 20049->20048 20054 46488a SetPropW 20050->20054 20052->20048 20052->20049 20053->20046 20054->20052 20055 415de6 20056 415df0 20055->20056 20062 415e36 20055->20062 20057 415e1c 20056->20057 20063 412f51 20056->20063 20058 48a6aa 548 API calls 20057->20058 20059 415e2c 20058->20059 20069 40fd7f 20059->20069 20064 412f5f 20063->20064 20065 412f7c 20063->20065 20064->20065 20066 4107dd 2 API calls 20064->20066 20065->20056 20067 412f87 20066->20067 20068 48b5c5 memcpy 20067->20068 20068->20065 20070 40fd8c ??2@YAPAXI 20069->20070 20071 40fdfd 20069->20071 20072 40fd9d 20070->20072 20083 48af70 20071->20083 20073 40fdad memset 20072->20073 20075 48bc64 545 API calls 20073->20075 20075->20071 20076 40fe0d 20077 40fe36 20076->20077 20078 40fe1a _wcsicmp 20076->20078 20080 48bc64 545 API calls 20077->20080 20078->20076 20079 40fe4b 20078->20079 20088 468618 ??3@YAXPAX 20079->20088 20081 40fe43 20080->20081 20081->20062 20084 48af76 20083->20084 20086 48af77 20083->20086 20084->20076 20085 48aff1 20085->20076 20086->20085 20087 48afe2 memmove 20086->20087 20087->20085 20088->20081 20089 473b6e ??2@YAPAXI 20090 473b80 20089->20090 20091 473b8a 20089->20091 20094 472063 20090->20094 20095 46be1d 548 API calls 20094->20095 20096 47206d 20095->20096 20097 469300 GetSystemTime 20096->20097 20098 472268 20097->20098 20099 42002b 20100 42003a 20099->20100 20101 420055 20100->20101 20102 420045 htonl 20100->20102 20102->20101 
18772 45a7a9 18773 45a7b5 18772->18773 18774 45a7e6 PostMessageW 18773->18774 18775 45a7fa 18773->18775 18774->18775 18778 468618 ??3@YAXPAX 18775->18778 18777 45a803 18778->18777 20103 4367ae 20104 4367c2 20103->20104 20105 4367ea 20104->20105 20106 4367cc htonl 20104->20106 20110 487e9b htonl 20106->20110 20108 4367e1 20111 43672a 20108->20111 20110->20108 20112 436748 20111->20112 20117 433f51 ??2@YAPAXI 20112->20117 20114 436759 20119 4336a2 20114->20119 20118 433f62 20117->20118 20118->20114 20120 433728 20119->20120 20121 4336ad 20119->20121 20120->20105 20121->20120 20122 499c61 548 API calls 20121->20122 20122->20120 20123 462de9 20124 4880a7 2 API calls 20123->20124 20125 462def 20124->20125 20126 43abac 20127 43abb5 20126->20127 20128 43abc4 20126->20128 20130 43c5b1 20127->20130 20131 43c5f3 RtlInitializeCriticalSection 20130->20131 20132 43c5c7 RtlEnterCriticalSection 20130->20132 20131->20128 20133 43c5d8 20132->20133 20136 43c4ab 20133->20136 20137 43c4b9 20136->20137 20138 48c20c 548 API calls 20137->20138 20139 43c4dd RtlLeaveCriticalSection 20138->20139 20139->20131 20140 406234 20143 405e11 20140->20143 20144 48a6fb _strncoll 20143->20144 20145 405e21 20144->20145 17678 46fa30 GetFileAttributesW 17679 46fa3c 17678->17679 20146 4455fe ??2@YAPAXI 20147 445616 20146->20147 20148 445637 20146->20148 20152 445593 20147->20152 20156 4233d6 20148->20156 20153 4455a2 20152->20153 20154 4455da 20153->20154 20155 48ba1d ??3@YAXPAX 20153->20155 20154->20148 20155->20154 20159 4b165e PostMessageW 20156->20159 20158 4233e9 20159->20158 20160 459c7e 20161 459c90 20160->20161 20164 468618 ??3@YAXPAX 20161->20164 20163 459cba 20164->20163 20165 41507d 20166 415090 20165->20166 20167 415088 20165->20167 20169 4150a6 20166->20169 20170 43e9ee 35 API calls 20166->20170 20168 413177 548 API calls 20167->20168 20168->20166 20170->20169
APIs
• ??2@YAPAXI@Z.MSVCRT ref: 0048FB98
  • Part of subcall function 004045F5: ??2@YAPAXI@Z.MSVCRT ref: 00404604
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0049055A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00490585
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004905CC
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004905F5
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004909DE
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00490A09
• __allrem.LIBCMT ref: 00490B41
Strings
Memory Dump Source
• Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$??2@$__allrem
• String ID: &license=%U$2348764555$B]V$B_V$Haven't heard from raptor in a long time, reconnecting$bugmenot$clientid$http%s://%U:%U@%s:%d/attach?name=%U&clientid=%U&version=%d%s$http://localhost$proxy = http://localhost:%d/proxy/0/; expires = %s GMT
• API String ID: 3390728972-980621694
• Opcode ID: 936186a85569d7989a643cdda461a6d79cd433583b126cad51556308ae3ecdc5
• Instruction ID: 8c0dfd95f2015dd9e5587dfd13f6de6fd499b3d0d9605ae1e26d2188d90c73ef
• Opcode Fuzzy Hash: 936186a85569d7989a643cdda461a6d79cd433583b126cad51556308ae3ecdc5
• Instruction Fuzzy Hash: BCB28974A006059FCF14EFA5E8817AE7BB1AB65308F14443FE441A73A1DB389D89DF58
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
[Control-flow graph starting at 43cb3d (legend: executed / not executed blocks); labelled nodes: GetVersionExW, LoadLibraryA, GetProcAddress, FreeLibrary]
APIs
• GetVersionExW.KERNEL32(?,00000000), ref: 0043CB65
Strings
Memory Dump Source
• Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
Similarity
• API ID: Version
• String ID: InitSecurityInterfaceA$Secur32.dll$Security.dll
• API String ID: 1889659487-120424522
• Opcode ID: f86369792efebf1cbc9a667f6c0f5878fc807da0936c2e841876adaceadf0360
• Instruction ID: ca89516d146353be0b8cf92b680ff75ad48473e28c0056155b85ac76703b81f7
• Opcode Fuzzy Hash: f86369792efebf1cbc9a667f6c0f5878fc807da0936c2e841876adaceadf0360
• Instruction Fuzzy Hash: 9B118631904619DBCF218E25ACCA6D7F3A95F1A711F0010F6D905FF201D779A9898BAA
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
[Control-flow graph starting at 466aa1 (legend: executed / not executed blocks); labelled nodes: LoadLibraryA, GetProcAddress, GetLastError]
APIs
• LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
• GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
• GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
Similarity
• API ID: AddressErrorLastLibraryLoadProc
• String ID: wininet.dll
• API String ID: 3511525774-3354682871
• Opcode ID: daff001abb3e70ba646bc644a6ca82468a865f3399cedef8fc47b8312c838540
• Instruction ID: a11fecdcda467665f9f3dcdf23df545e30d05eb4b71810a525643f4418298fc5
• Opcode Fuzzy Hash: daff001abb3e70ba646bc644a6ca82468a865f3399cedef8fc47b8312c838540
• Instruction Fuzzy Hash: 83F0F6750811A11BD7220AA598147E7BB989F93350F2AC42FE8C5A3301F6398C86C66F
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
[Control-flow graph starting at 4e4e14 (legend: executed / not executed blocks); labelled nodes: CryptCreateHash, CryptHashData, memcpy, calls to 4e3de5]
APIs
• CryptCreateHash.ADVAPI32(01124188,00008004,00000000,00000000,?,?,00000008,?,?,004E5059,?,?,00000000,0041155C,?,?), ref: 004E4E4C
• CryptHashData.ADVAPI32(?,00000000,?,00000000,?,00000008,?,?,004E5059,?,?,00000000,0041155C,?,?), ref: 004E4E61
• memcpy.MSVCRT ref: 004E4E82
• memcpy.MSVCRT ref: 004E4ECE
Memory Dump Source
• Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptHashmemcpy$CreateData
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 93945819-0
                                                                                                                                                                                                                                                • Opcode ID: 6e2b37a3d8be4364ceabc488908b02911291848e6b3dded46cca57888bba4072
                                                                                                                                                                                                                                                • Instruction ID: 5d419054efb6b2906744a7db0d80804d69d2cf273b331af5eae7b739310e840b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e2b37a3d8be4364ceabc488908b02911291848e6b3dded46cca57888bba4072
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98219072500709BBDF218F6ACC84D9A77A9BF94356F00852AFA1986240D379DA548B58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00566D98,00000000,00000000,00000001,00000000,00000000,00000000,?,004E3D6C,?,00000000,00000008,00411548), ref: 004E3D3C
                                                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00566D98,00000000,00000000,00000001,00000008), ref: 004E3D4D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AcquireContextCrypt$AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2673840251-4050573280
                                                                                                                                                                                                                                                • Opcode ID: 7e39edf2afd25fa47a0f5124ddda1706f034e3176fa59a49f50341efe2b34c16
                                                                                                                                                                                                                                                • Instruction ID: 26f7acf50d9e35fe8ab4498a7b605f887d40712980ee90815e031629486cc59f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e39edf2afd25fa47a0f5124ddda1706f034e3176fa59a49f50341efe2b34c16
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF0E570342294BAF7211B5A6CC8FA76A9CAB2138BF04006AF209AB292C2D51C4482A4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(-00001000,00001000,00000004,?,00000018), ref: 005C4793
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                • Opcode ID: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction ID: c82c76eaa7c433a81f545ea17fe59400075ed6e2d987560102243a7c2a33a7b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98728A315083558FD724CF68C890B6ABBE1FF8A384F154A2DE9A58B351E371D985CF82
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0042C229
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000001,00000002,00000002,00000000,BitTorrent.exe /RECOVER "%s"), ref: 0042C24A
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0042C24E
                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000), ref: 0042C251
                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000002,00000000,BitTorrent.exe /RECOVER "%s"), ref: 0042C292
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0042C2B6
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0042C2BB
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0042C2C4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • BitTorrent.exe /RECOVER "%s", xrefs: 0042C215
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Handle$CloseProcess$Current$CreateDuplicatememset
                                                                                                                                                                                                                                                • String ID: BitTorrent.exe /RECOVER "%s"
                                                                                                                                                                                                                                                • API String ID: 882071121-2010193037
                                                                                                                                                                                                                                                • Opcode ID: b96cfb0b046d5bd1e99f5a1aabe2f82ea360da900786aaac830b0f69a769c456
                                                                                                                                                                                                                                                • Instruction ID: 5b5300a1149db00d04fe8fe52acc6098fdea3c944eec8274429d8a73a2878caf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b96cfb0b046d5bd1e99f5a1aabe2f82ea360da900786aaac830b0f69a769c456
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02212A71E00218ABCB119FE6DC89EDFBFB9EF84750F14806AF914AA254D6358941CFA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043720B
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437214
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043722A
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437233
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00437237
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 0043723A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1343868529-0
                                                                                                                                                                                                                                                • Opcode ID: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction ID: 98b7f03d03192239b80dc3813169242e7629338a1043ac82295b91da3c824815
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20E0D872D0816411CD202BE62C44F1F2A1CEBC9331F1A0497F3009F180856458414BA7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 573 4a1a2e-4a1a48 574 4a1a5a-4a1a6e FormatMessageW 573->574 575 4a1a4a-4a1a54 GetModuleHandleA 573->575 576 4a1a83-4a1a8b 574->576 577 4a1a70-4a1a80 call 48a63b 574->577 575->574 579 4a1a8d-4a1a94 576->579 580 4a1ab3-4a1abf 576->580 577->576 582 4a1a9c-4a1aa1 579->582 583 4a1a96-4a1a9a 579->583 584 4a1aab-4a1ab1 582->584 585 4a1aa3-4a1aa5 582->585 583->582 586 4a1aa6-4a1aaa 583->586 584->579 584->580 585->586 586->584
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(wininet.dll,00000000,The operation timed out ,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D,00000000,?,?,?,?), ref: 004A1A54
                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000000,The operation timed out ,?,00000000,00000000,The operation timed out ,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D), ref: 004A1A66
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FormatHandleMessageModule
                                                                                                                                                                                                                                                • String ID: Error %d$The operation timed out $wininet.dll
                                                                                                                                                                                                                                                • API String ID: 2046974992-90712504
                                                                                                                                                                                                                                                • Opcode ID: 3dde001c2327f083cf9dcb426aedc41811d6a8ab0e6d22cb4d1362dbdefba313
                                                                                                                                                                                                                                                • Instruction ID: 0eed037ef3699914dad17e00d115bbe2e2051c89b5c168254f12c8c7dfa22c3e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dde001c2327f083cf9dcb426aedc41811d6a8ab0e6d22cb4d1362dbdefba313
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61014C2270130155E7206B15CC49F77B7ACEFA7711F14402BF242C72F1D6A84C81C66E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 587 4a1bcf-4a1bea call 46fc81 590 4a1bec-4a1bf9 GetFileSize 587->590 591 4a1c41-4a1c46 587->591 593 4a1c3a-4a1c3b CloseHandle 590->593 594 4a1bfb-4a1bff 590->594 592 4a1c53-4a1c57 591->592 593->591 595 4a1c11-4a1c1d call 468620 594->595 596 4a1c01-4a1c05 594->596 595->593 600 4a1c1f-4a1c28 call 4a0d53 595->600 596->595 597 4a1c07-4a1c0f SetLastError 596->597 597->593 602 4a1c2d-4a1c2f 600->602 603 4a1c48-4a1c51 CloseHandle 602->603 604 4a1c31-4a1c35 call 468618 602->604 603->592 604->593
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046FC81: CreateFileW.KERNEL32(?,00008000,00000000,00000000,00000030,00000000,00000000,00000000,0044C067,00000080,00000000,004879A0,0044C623,?,?), ref: 0046FCCB
                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000080,00000000,?,00000008,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1BEE
                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000008,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C09
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C3B
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C49
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseFileHandle$CreateErrorLastSize
                                                                                                                                                                                                                                                • String ID: |2A
                                                                                                                                                                                                                                                • API String ID: 628521544-1308716369

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,00000000,00000000,0000003C,00000000), ref: 004A2073
                                                                                                                                                                                                                                                • GetDateFormatA.KERNELBASE(00000400,00000000,?,ddd','dd'-'MMM'-'yyyy,?,00000030), ref: 004A2090
                                                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000400,00000000,?,HH':'mm':'ss',?,00000030), ref: 004A20B2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$Format$DateFileSystem
                                                                                                                                                                                                                                                • String ID: HH':'mm':'ss'$ddd','dd'-'MMM'-'yyyy
                                                                                                                                                                                                                                                • API String ID: 3098269223-2310708519

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 626 4a15a7-4a15be call 4a10e3 629 4a15ce 626->629 630 4a15c0-4a15cc InternetSetCookieA 626->630 631 4a15d0-4a15d2 629->631 630->631
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(comctl32.dll,00000000,00000000,0046685D,0000000C,?,00000000,00000000,?,?,004B36F4,?), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(comctl32.dll,?,004B36F4,?), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 004A1101
                                                                                                                                                                                                                                                • InternetSetCookieA.WININET(http://localhost,00000000,00000000,00000000,0000003C,00490AF2,?,00000000,?,00000000), ref: 004A15C4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressCookieHandleInternetLibraryLoadModuleProc
                                                                                                                                                                                                                                                • String ID: InternetSetCookieA$http://localhost$wininet.dll
                                                                                                                                                                                                                                                • API String ID: 706133568-963432639

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 632 4a1d2f-4a1d3a 633 4a1d3d-4a1d45 632->633 633->633 634 4a1d47-4a1d52 633->634 635 4a1d61-4a1d6e GetLastError 634->635 636 4a1d54-4a1d5f call 401000 634->636 638 4a1d74-4a1d8c memcpy 635->638 636->638 640 4a1d8e-4a1d92 638->640 641 4a1da6-4a1da9 638->641 640->641 642 4a1d94-4a1d9b 640->642 643 4a1dab-4a1db0 641->643 644 4a1db5-4a1db7 641->644 645 4a1db9-4a1dbc 642->645 646 4a1d9d-4a1da1 642->646 643->644 647 4a1db2 643->647 648 4a1dff-4a1e0a call 421e44 644->648 649 4a1dbe-4a1dc6 645->649 646->645 651 4a1da3 646->651 647->644 656 4a1e0c 648->656 657 4a1dd4-4a1de1 CreateDirectoryW 648->657 652 4a1dcb-4a1dce 649->652 653 4a1dc8-4a1dc9 649->653 651->641 652->649 655 4a1dd0-4a1dd2 652->655 653->644 653->652 658 4a1e0e-4a1e15 655->658 656->658 659 4a1de3-4a1dee GetLastError 657->659 660 4a1df0-4a1dfa 657->660 659->655 659->660 660->656 661 4a1dfc 660->661 661->648
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(74DF20B0,74DEE010,00000000,00000000,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1D61
                                                                                                                                                                                                                                                • memcpy.MSVCRT ref: 004A1D7E
                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(0043E8D8,00000000,?,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1DD9
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1DE3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectorymemcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2096187785-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 691 4a026c-4a028b call 43c5ff 694 4a028d-4a0290 691->694 695 4a0292-4a029a FindCloseChangeNotification 691->695 694->695
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0043C5FF: CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,dtfun,00000000,00000000,0048C9EB,?,00000000,00000000,0048C9EB,?,0048CAE7,00000000,0048FFC2,00000000,?,00000000), ref: 004A0293
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                • String ID: dtfun
                                                                                                                                                                                                                                                • API String ID: 4060959955-4208289573
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 696 46864f-468657 697 468662-468664 696->697 698 468659-46865d 696->698 700 468666-46866f ??3@YAXPAX@Z 697->700 701 468678-468683 realloc 697->701 702 468633-468635 698->702 703 46862c 698->703 704 468685-468687 700->704 701->704 705 468671-468673 call 4a0163 701->705 706 468637-46863a 702->706 707 468642-46864b malloc 702->707 703->702 705->701 709 46864d-46864e 707->709 710 46863b-46863d call 4a0163 707->710 710->707
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 712 42c1bf-42c1cf 713 42c1d1-42c1d4 712->713 714 42c1d5-42c1e9 WSAStartup 712->714 715 42c20b-42c20e 714->715 716 42c1eb-42c1f3 714->716 717 42c205 WSACleanup 716->717 718 42c1f5-42c1fa 716->718 717->715 718->717 719 42c1fc-42c203 718->719 719->713
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CleanupStartup
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 915672949-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 720 4a0d53-4a0d6a ReadFile 721 4a0d6c-4a0d72 GetLastError 720->721 722 4a0d74-4a0d7e 720->722 723 4a0d83-4a0d84 721->723 722->723
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000008,00000000,00000000,00000000,00000000,004A1C2D,00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A0D62
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A0D6C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1948546556-0
                                                                                                                                                                                                                                                • Opcode ID: 26c2956b3bc82baf08e951642dab21b1dfa9a8331bbb2650d28e4c0fe5735f54
                                                                                                                                                                                                                                                • Instruction ID: 0a58c092d93984f038659167eabc7761f705d6155625602c9bc221b7d2791f6f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26c2956b3bc82baf08e951642dab21b1dfa9a8331bbb2650d28e4c0fe5735f54
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07E0ECB2264109BFEB04DFA5CC46EAA7BACEB11744F104225B605C5190D679EA4096A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadImageA.USER32(00000000,00000001,00000000,00000000,00000000,004B39ED), ref: 00464A0A
                                                                                                                                                                                                                                                • LoadIconA.USER32(00000000,004B39ED), ref: 00464A1B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load$IconImage
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 666102371-0
                                                                                                                                                                                                                                                • Opcode ID: 87549dd4bb09d760da7f865da9a9f75fb199deb147e65b0df45154537333af77
                                                                                                                                                                                                                                                • Instruction ID: fc93bbf33923bdc29fd59a1b45da1901f909e2eefa8f4c3894df3b3c0560ac14
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87549dd4bb09d760da7f865da9a9f75fb199deb147e65b0df45154537333af77
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2D0C9F40510507EEE10AB71EC88E7A3A9FE3A53017440022B441E55B1D2569D44E624
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                • GlobalMemoryStatus.KERNEL32(?), ref: 00437E32
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$GlobalLeaveMemoryStatus
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2385593929-0
                                                                                                                                                                                                                                                • Opcode ID: 0f889d4424f0f4fa6c30808fa23939813edeb32311a1d51edeeb6511d1c03f79
                                                                                                                                                                                                                                                • Instruction ID: f85bd123434733c25020c2e3ba2bee98d5577a5ee30d0ab73d08c649150803da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f889d4424f0f4fa6c30808fa23939813edeb32311a1d51edeeb6511d1c03f79
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 866104B5E041609FDB28DF39DC819B97BA9EB5A30CF85816FF040D7320D6788C49AB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,?,00000000,?,00000001,00000000,00000000,?,00442AB7,?,?,00000001,?,?,00443CE0,?), ref: 00442A37
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                                                • Opcode ID: 83cef316d60e3a72a4586e062e1a7cf283a5390cf993fb36576918d6f3215aef
                                                                                                                                                                                                                                                • Instruction ID: 9e13abb43c2e94d8e3c0c8bc811072072c3b357ec2cbbd8311866f92f744703a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83cef316d60e3a72a4586e062e1a7cf283a5390cf993fb36576918d6f3215aef
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDF0497521120AEBDF28CF60DB41AAF37A9AF04744F10442AFC02E6660D371DE50DA69
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00468618: ??3@YAXPAX@Z.MSVCRT ref: 00468619
                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0044BFE8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@CloseHandleInternet
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4067462739-0
                                                                                                                                                                                                                                                • Opcode ID: 6e47f2078bf96202c608a6d15186d65a71b746f39997092fbbd9cff9e3114497
                                                                                                                                                                                                                                                • Instruction ID: 655d0073e80e446d6a3aa6120acbe65ac203358a74ad795ffb257db75b2e5e0e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e47f2078bf96202c608a6d15186d65a71b746f39997092fbbd9cff9e3114497
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FF081711017818BC321AF6DD881496F7F5FF5A3283144A2ED1EA83752C735A949CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                • Opcode ID: f9f95c2ab982565c15a3cd51bbe0290331a2329acef78f87bd41ad26f2844460
                                                                                                                                                                                                                                                • Instruction ID: a5dbc5bf66bed7fef54cfbb71693aa2dd1a914a8d7f538e43ecbd3afa9e4c24c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9f95c2ab982565c15a3cd51bbe0290331a2329acef78f87bd41ad26f2844460
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7F03C36A00118BBCF01DF99D841ADE7BB9BF9C754F00406AFE04B7250D7349A159BD4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostMessageW.USER32(?,0000803A,?,00000000), ref: 0045A7F4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                                                                                • Opcode ID: 6387575c6870eb8b4ed956fe85911611404bd7e4d36cad76bc60916584bc8865
                                                                                                                                                                                                                                                • Instruction ID: a9fb43376251af37d4efdf507095df1de28cf1e634aa3513fe441c1190064381
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6387575c6870eb8b4ed956fe85911611404bd7e4d36cad76bc60916584bc8865
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6BF097353803526FEB05D310AC19BD73B98A77530EF08800AFC418B3A2DB35C908C316
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,00008000,00000000,00000000,00000030,00000000,00000000,00000000,0044C067,00000080,00000000,004879A0,0044C623,?,?), ref: 0046FCCB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00442A06: RegCloseKey.KERNEL32(?,00000000,00443BE0,00000000,00443CBB,80000002,SOFTWARE\NVIDIA Corporation\nForce\network management\Settings,00020019,?,80000002,?,004B351D,Version,?,00000014), ref: 00442A10
                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,00000000,00443CBB,80000002,SOFTWARE\NVIDIA Corporation\nForce\network management\Settings,00020019,?,80000002,?,004B351D,Version,?), ref: 00443BEF
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 47109696-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000,0043E6FA,00000000,?,?,?), ref: 0046FA31
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?,00000000,00443BE0,00000000,00443CBB,80000002,SOFTWARE\NVIDIA Corporation\nForce\network management\Settings,00020019,?,80000002,?,004B351D,Version,?,00000014), ref: 00442A10
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(00000000,00000000,00000003,00419371,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0046F967
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileMove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3562171763-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                • Opcode ID: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction ID: 45983b04791fe9f6fc8fa831eb551b49d8276c24a9f9c84740e241472f3aab43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                • malloc.MSVCRT ref: 00468643
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseExchangeHandleInterlockedSleepmalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2802248930-0
                                                                                                                                                                                                                                                • Opcode ID: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction ID: 2b6c4b89c3469657e212f24c2f23ca41b30995d4b04d1fd0ab1d710b86758c96
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68D09E3261553102DA66662DB9147DF13840B557A5F05425FE844D6741EF4C8D4351DD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _strcmpi_wcsicmpatoistrncpy
                                                                                                                                                                                                                                                • String ID: %s.alt$, ...$Windows-$acodec$announce$announce-list$attr$avi$comment$content_disposition$content_type$created by$creation date$domain$encoding$file-duration$file-media$files$height$info$length$name$name.utf-8$nodes$path$path.utf-8$piece length$pieces$private$profiles$rating$site$source$type$url$url-list$vcodec$width
                                                                                                                                                                                                                                                • API String ID: 1017739968-1960484708
                                                                                                                                                                                                                                                • Opcode ID: 44e2f3e3042e5fa3d72b4f06a5f11a5db5263019b9f836385ec3577f5c527469
                                                                                                                                                                                                                                                • Instruction ID: 4348065c471a443fd9d72da89ea76941e6554ee9951528493b5ca374543c7e6b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44e2f3e3042e5fa3d72b4f06a5f11a5db5263019b9f836385ec3577f5c527469
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D292A3306002549BCF25EF25C981AEE77A2BF85704F14452FF9169B3A2DB78DC91CB98
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004B3470: GetModuleHandleA.KERNEL32(?,00000000), ref: 004B34A9
                                                                                                                                                                                                                                                  • Part of subcall function 004B3470: GetCurrentProcess.KERNEL32(00000001), ref: 004B34D8
                                                                                                                                                                                                                                                  • Part of subcall function 004B3470: _strncoll.MSVCRT ref: 004B3544
                                                                                                                                                                                                                                                  • Part of subcall function 004B3470: atoi.MSVCRT ref: 004B3554
                                                                                                                                                                                                                                                  • Part of subcall function 004B3470: GetModuleHandleA.KERNEL32(0050CE14), ref: 004B35C5
                                                                                                                                                                                                                                                • IsIconic.USER32(00000000), ref: 0042C32A
                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042C44F
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000002,00000000,00000000,00000000), ref: 0042C47C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • BitTorrent has crashed. Unable to generate crash dump. %S%S, xrefs: 0042C492
                                                                                                                                                                                                                                                • Try closing, disabling, or uninstalling these program(s) to see if the problem goes away:, xrefs: 0042C38C
                                                                                                                                                                                                                                                • BitTorrent.exe /RECOVER, xrefs: 0042C41E, 0042C42B
                                                                                                                                                                                                                                                • BitTorrent.exe /RECOVER "%s", xrefs: 0042C417
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Roaming\BitTorrent\26618-bittorrent.c654.dmp, xrefs: 0042C3A4, 0042C3BC
                                                                                                                                                                                                                                                • BitTorrent has crashed. A crash dump has been saved as: %S.%S%SHow would you like to proceed?, xrefs: 0042C3C3
                                                                                                                                                                                                                                                • Don't relaunch the application or send a crash dump, xrefs: 0042C3E4
                                                                                                                                                                                                                                                • Just relaunch the application, xrefs: 0042C3DA
                                                                                                                                                                                                                                                • Submit this dump to the developers, xrefs: 0042C3D0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Module$Handle$CurrentErrorFileIconicModeNameProcess_strncollatoi
                                                                                                                                                                                                                                                • String ID: Try closing, disabling, or uninstalling these program(s) to see if the problem goes away:$BitTorrent has crashed. A crash dump has been saved as: %S.%S%SHow would you like to proceed?$BitTorrent has crashed. Unable to generate crash dump. %S%S$BitTorrent.exe /RECOVER$BitTorrent.exe /RECOVER "%s"$C:\Users\user\AppData\Roaming\BitTorrent\26618-bittorrent.c654.dmp$Don't relaunch the application or send a crash dump$Just relaunch the application$Submit this dump to the developers
                                                                                                                                                                                                                                                • API String ID: 3819029687-4240621309
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • BAN peer: Responsible for '%s' metadata not being loaded!, xrefs: 004194B7
                                                                                                                                                                                                                                                • Finished receiving metadata for '%s', xrefs: 00419333
                                                                                                                                                                                                                                                • magnet:, xrefs: 004192C6
                                                                                                                                                                                                                                                • Timing out hole punch request(%A), xrefs: 004195A4
                                                                                                                                                                                                                                                • Metadata Complete, xrefs: 0041946E
                                                                                                                                                                                                                                                • ERROR: Metadata for '%s' could not be loaded!, xrefs: 00419499
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: rand$??2@??3@
                                                                                                                                                                                                                                                • String ID: BAN peer: Responsible for '%s' metadata not being loaded!$ERROR: Metadata for '%s' could not be loaded!$Finished receiving metadata for '%s'$Metadata Complete$Timing out hole punch request(%A)$magnet:
                                                                                                                                                                                                                                                • API String ID: 1977049550-4199479359
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00469300: GetSystemTime.KERNEL32(?,?,00000000,00000000,?), ref: 0046930A
                                                                                                                                                                                                                                                • __aulldiv.LIBCMT ref: 0040C838
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: SystemTime__aulldiv
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2292737093-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F342
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F36F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000019,?,?,?,?,?,?,?,?,?,?,?,0046F4F1), ref: 0046F384
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F3A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4250438611-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Sending Piece %d:%d->%d, xrefs: 00474740
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: Sending Piece %d:%d->%d
                                                                                                                                                                                                                                                • API String ID: 613200358-747720766
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EB81
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EBAF
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EBDD
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EC0B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • keybd_event.USER32(00000010,00000000,00000000,00000000), ref: 004A130B
                                                                                                                                                                                                                                                • keybd_event.USER32(00000010,00000000,00000002,00000000), ref: 004A1313
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: keybd_event$AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 1427422320-1793498882
                                                                                                                                                                                                                                                • Opcode ID: 92a44888de7306592b75e0abe559beb8b32a9e2154cec787a3fdc394e2a20a52
                                                                                                                                                                                                                                                • Instruction ID: 67506536936682c78bdd6fc020fade83d9b445e461cbf4bdeb8f689f05420805
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92a44888de7306592b75e0abe559beb8b32a9e2154cec787a3fdc394e2a20a52
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EE09222A4055437EA3027A76C09FAF5E69EBF3F54F61007BF240FA2E2D8954C4086A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00415B91
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00415BAF
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00415C13
                                                                                                                                                                                                                                                  • Part of subcall function 0043F12E: __aulldiv.LIBCMT ref: 0043F162
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@$__aulldiv
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1550492227-0
                                                                                                                                                                                                                                                • Opcode ID: 7fc7992ecf17d00090395537f73b864f86e6c63da61d350ec4677d391a316b2e
                                                                                                                                                                                                                                                • Instruction ID: 5138d12a30e101dc32d9f8c9b8a5cb9f5fe0bbe22e6095d4a32973cb1792b63f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fc7992ecf17d00090395537f73b864f86e6c63da61d350ec4677d391a316b2e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68A1AE70900B04DFCB24EF76C495BDAB7E1AF85304F10895EE46A97382DB78A981CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0047BE51
                                                                                                                                                                                                                                                  • Part of subcall function 0047AECD: __aulldiv.LIBCMT ref: 0047AF15
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 0047BF23
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountErrorLastTick__aulldiv
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3485912141-0
                                                                                                                                                                                                                                                • Opcode ID: 9239fe3812eb5b16970215fd8c181594fce4a181b175c34238c1fd4ef745fc5c
                                                                                                                                                                                                                                                • Instruction ID: 69197023254f0f25bddcec1c1f660ee91e19ab8cf3c1d5f3276698a1ffae9d48
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9239fe3812eb5b16970215fd8c181594fce4a181b175c34238c1fd4ef745fc5c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99021531E00204DFDB14DF95C995AEEB7B1EF48314F14816EE85AAB392C7386985CF98
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptGetHashParam.ADVAPI32(?,00000002,?,0041155C,00000000,?,?,00000008,?,00000000), ref: 004E4F0C
                                                                                                                                                                                                                                                • CryptDestroyHash.ADVAPI32(?), ref: 004E4F15
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptHash$DestroyParam
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1393782385-0
                                                                                                                                                                                                                                                • Opcode ID: 9ebdb7854e72163e5f43f05a52ff04d5f0073345c8032e1465f77082b1a75f15
                                                                                                                                                                                                                                                • Instruction ID: 3d867eb41a42ff08e248ed5b1a15fae44d6a43c39bf5f71f42edfb6a76750322
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ebdb7854e72163e5f43f05a52ff04d5f0073345c8032e1465f77082b1a75f15
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C4184367097808BD36DC63D8C8046BBFD39FE5200B54896DD9C2977C6C9B4E805C7A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004C41F3
                                                                                                                                                                                                                                                  • Part of subcall function 0040BC84: _wcsicmp.MSVCRT ref: 0040BCA1
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004C4471
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@_wcsicmpmemset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4120724268-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A0454
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A047F
                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,?,00000070), ref: 0046FA7B
                                                                                                                                                                                                                                                  • Part of subcall function 00468618: ??3@YAXPAX@Z.MSVCRT ref: 00468619
                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0046FA98
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Findmemcpy$??3@CloseFileFirst
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3959790596-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000008,00000000,?,?,?,?,?,00000004,0048D6E5,00000004,0048D6E5), ref: 004150CF
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004150EF
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastmemset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3276359510-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(0000013C,00000000,00000000,00000004,?,00000004,00000078,00000000,00000000,-00544B48), ref: 0040BFD1
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040BFED
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastmemset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3276359510-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046B834: GetCurrentThreadId.KERNEL32 ref: 0046B844
                                                                                                                                                                                                                                                  • Part of subcall function 0043E49F: ??3@YAXPAX@Z.MSVCRT ref: 0043E4E5
                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,00000008,00000000,00000014,00000006,00000000), ref: 0043EE91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@CurrentDiskFreeSpaceThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4166821614-0
                                                                                                                                                                                                                                                • Opcode ID: 4ce1bb01808d2e226d36edb681635c9e4f0e6eb52804cb29dce6b6a8e4b622c2
                                                                                                                                                                                                                                                • Instruction ID: aaaf5816bc2b123c42ac47761e4e832532ddce742b1f485b2bec5a2b1afaa3e2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ce1bb01808d2e226d36edb681635c9e4f0e6eb52804cb29dce6b6a8e4b622c2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2301613190121D9ACF10FBA2C9869DE737C9F54318F10069BE515E71C1EB789F458BD9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,-00544B48,00000000), ref: 0040F820
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                                                                • Opcode ID: 44743f20dc0d8f39d3055d868407041ca383c83055053e1db2f37fd444f345e0
                                                                                                                                                                                                                                                • Instruction ID: b144c9b1c1861bb14925abaa7501d21d205facd2c3326a4542ec26600483f749
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44743f20dc0d8f39d3055d868407041ca383c83055053e1db2f37fd444f345e0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1B13770E00208AFCF25DF99C985AEEBBB1BF88314F14417AE515B7291C7386A45CF59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046352E: htons.WS2_32(8936FF00), ref: 00463566
                                                                                                                                                                                                                                                • bind.WS2_32(?,?,0046E846), ref: 0046BE12
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: bindhtons
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 791846173-0
                                                                                                                                                                                                                                                • Opcode ID: 3a92dce6caf4896b5909c0e308d377beadf35514b57627ec39b7f6a50c7c7414
                                                                                                                                                                                                                                                • Instruction ID: f882756d860ccfeb63639e7548a611ebe7132fb04dbc7de95e2ca6888c95fe38
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a92dce6caf4896b5909c0e308d377beadf35514b57627ec39b7f6a50c7c7414
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0E0EC7640005DBBCF00EF95DC85DDE7BACFB49248F048026F905A7151EA34E6498BE5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptDestroyHash.ADVAPI32(?,00000000,004115A2,00000000,rating,00000006,00000008,00000014,00000000,?,?), ref: 004E3D9B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 174375392-0
                                                                                                                                                                                                                                                • Opcode ID: 3833e20130342ff0034e7ebd6ad323f06b36ae2c4e4b34c751544dcb54bf5458
                                                                                                                                                                                                                                                • Instruction ID: ff158ff0b864b562e4e22876d113244073cff91ad9afb4fb8b2f2efbd3a4596d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3833e20130342ff0034e7ebd6ad323f06b36ae2c4e4b34c751544dcb54bf5458
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68D0C9316106109BDB624B29EC4CB5232E87B80317F14091AA44297550C7B8AC458658
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?,00540130,0041FA07,00000000,00000000,?), ref: 004A10D9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LocalTime
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 481472006-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$_strnicmp$atoimemchrstrrchr
                                                                                                                                                                                                                                                • String ID: btresource$btresource://$feed://$http$http://$https$https://$udp$udp://
                                                                                                                                                                                                                                                • API String ID: 1133942460-3240269518
                                                                                                                                                                                                                                                • Opcode ID: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction ID: cdd5ddbc0b9aae4ea69e7fb306770d04e13e0400ceef37cc916ed79a2789f378
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD612371601301DBDB24AE36C885BAB77E5AF90348F10882FE54A87382EB7CE9458759
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(Iphlpapi.dll,?,00000000,00463660,?,-00544B48), ref: 004631CB
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 004631ED
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32 ref: 004631FE
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIfTable), ref: 00463217
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIfEntry), ref: 0046322D
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetBestInterface), ref: 00463243
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetBestInterfaceEx), ref: 00463259
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIpAddrTable), ref: 0046326B
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetAdaptersAddresses), ref: 00463281
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetExtendedTcpTable), ref: 00463293
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                                                • String ID: GetAdaptersAddresses$GetAdaptersInfo$GetBestInterface$GetBestInterfaceEx$GetExtendedTcpTable$GetIfEntry$GetIfTable$GetIpAddrTable$Iphlpapi.dll
                                                                                                                                                                                                                                                • API String ID: 2449869053-1750937965
                                                                                                                                                                                                                                                • Opcode ID: 60cd1b4f20c5bfd2ae87f6a7604f36529713f539ad29776551e40efd28864407
                                                                                                                                                                                                                                                • Instruction ID: 26766971a7b7aecb5f15ae388f6a7cf4a1a63f693444c4811c48b9b89f6f032f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60cd1b4f20c5bfd2ae87f6a7604f36529713f539ad29776551e40efd28864407
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3116AB8942214ABCB017F21EC45995BEF1BB6B78A32108B7F000D2230E7794748BF49
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000000), ref: 004B34A9
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(0050CE14), ref: 004B35C5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(comctl32.dll,00000000,00000000,0046685D,0000000C,?,00000000,00000000,?,?,004B36F4,?), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(comctl32.dll,?,004B36F4,?), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 004A1101
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000001), ref: 004B34D8
                                                                                                                                                                                                                                                • _strncoll.MSVCRT ref: 004B3544
                                                                                                                                                                                                                                                • atoi.MSVCRT ref: 004B3554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule$AddressCurrentLibraryLoadProcProcess_strncollatoi
                                                                                                                                                                                                                                                • String ID: '%s' (%s)$ '%s' (%s) (known malware!)$#N$%s%s$0$1.00.$Buggy DLL warning: %S (%S)$SOFTWARE\NVIDIA Corporation\nForce\network management\Settings$SetProcessAffinityMask$Version$kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 2108212018-1820609844
                                                                                                                                                                                                                                                • Opcode ID: 009c033fd5407daddc278d4adca86d99b870c8eff6db18b76cd1a3c3246cff9c
                                                                                                                                                                                                                                                • Instruction ID: 3a3044595d9a74f49f76d2bc50ca91d03eadfd5f948834f062d06fb1fcdead5f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 009c033fd5407daddc278d4adca86d99b870c8eff6db18b76cd1a3c3246cff9c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09611471D00308ABDF219FA7CC85AEEBBF8EF54305F04446BE904A7291E7795A45CB68
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • /crash.php?ver=%dU&h=%s&p=%dU&pr=%dU&s=%dU&svp=%d&ov=%d&plus=%d, xrefs: 004DCB3D
                                                                                                                                                                                                                                                • update.utorrent.com, xrefs: 004DCAED
                                                                                                                                                                                                                                                • &%s, xrefs: 004DCB6A
                                                                                                                                                                                                                                                • &dl=%s, xrefs: 004DCB8E
                                                                                                                                                                                                                                                • POST, xrefs: 004DCBB3
                                                                                                                                                                                                                                                • BitTorrent/7600, xrefs: 004DCAC5
                                                                                                                                                                                                                                                • can't load wininet.dll, xrefs: 004DCAB7
                                                                                                                                                                                                                                                • GET, xrefs: 004DCBBC, 004DCBD1
                                                                                                                                                                                                                                                • Error %d : , xrefs: 004DCC4E
                                                                                                                                                                                                                                                • ut=127&bt=4118390&tid=mt&ec=C0000005&ea=75295D17&eip=75295D17&ebx=0085000F&bs=00400000&st=49414E,546C18,4594A5,4EDC29,580056,466AD9,4F6695,4F6695,4B9769,5C3C00,4FC3F0,4A1107,4E3C3A,43737A,46BAC0,400000,4EF29C,4BA722,5C3C00,4E3CA4,400000,5C3C00,5C3C00,4E3960,52, xrefs: 004DCB59, 004DCB61
                                                                                                                                                                                                                                                • Content-type: application/octet-stream, xrefs: 004DCBEA, 004DCC05
                                                                                                                                                                                                                                                • wininet.dll, xrefs: 004DCAA3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: &%s$&dl=%s$/crash.php?ver=%dU&h=%s&p=%dU&pr=%dU&s=%dU&svp=%d&ov=%d&plus=%d$BitTorrent/7600$Content-type: application/octet-stream$Error %d : $GET$POST$can't load wininet.dll$update.utorrent.com$ut=127&bt=4118390&tid=mt&ec=C0000005&ea=75295D17&eip=75295D17&ebx=0085000F&bs=00400000&st=49414E,546C18,4594A5,4EDC29,580056,466AD9,4F6695,4F6695,4B9769,5C3C00,4FC3F0,4A1107,4E3C3A,43737A,46BAC0,400000,4EF29C,4BA722,5C3C00,4E3CA4,400000,5C3C00,5C3C00,4E3960,52$wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3511525774-4238870595
                                                                                                                                                                                                                                                • Opcode ID: 2f61642e125063129e1166be33b4dba86eafb35a22a63209779c7194970546ee
                                                                                                                                                                                                                                                • Instruction ID: 94c9a551606c1c0ba8163b90a20ba3f9fe9a0d2a8fac54d289cb5dc366aeb4f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f61642e125063129e1166be33b4dba86eafb35a22a63209779c7194970546ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D518DB1900209BBEB10AFA5DC99DFF7EBCEB08348F10456BF605B2240D6785E44DB65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1033339047-0
                                                                                                                                                                                                                                                • Opcode ID: c5a62b8c188a6469dc2e859c0d1028f011824fb9fa5a60e256facf64e41faa30
                                                                                                                                                                                                                                                • Instruction ID: 1875fd379ab20886ddade05407197ea26d927b036394c4eb80d2357c76e07d26
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5a62b8c188a6469dc2e859c0d1028f011824fb9fa5a60e256facf64e41faa30
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4551AF69205207B6FF022A668C06EAE7657DF0D725F10901FFD06A92D1CFBDCA10A55E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _wcsncoll.MSVCRT ref: 0048CC1E
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CC54
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CD0B
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CD3F
                                                                                                                                                                                                                                                • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0048CD96
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@$Ioctl_wcsncoll
                                                                                                                                                                                                                                                • String ID: 0u$Error contacting WebUI proxy service: %s$Got proxy service response (%S:%d, %Ld bytes): %S$HTTP Error $HTTP Error 400$HTTP Error 401$failed to turn on keep alive
                                                                                                                                                                                                                                                • API String ID: 159552296-3902049313
                                                                                                                                                                                                                                                • Opcode ID: 57238e3949e21a955451dad5b3681d5ba40abf7090e3eda9a94ea306b10094de
                                                                                                                                                                                                                                                • Instruction ID: 19562ec0f38d28fb93e1793b3de2538f74726230722daab033889830094e64e4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57238e3949e21a955451dad5b3681d5ba40abf7090e3eda9a94ea306b10094de
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE4138306002109BDB10BB76CC86BEE3B91AF45718F00483FF809972E2DB7D8945D7A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(?,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000002,00000002,00000000,00000001,00000000,00000000,?,?,?,?,0049D7D7,00000000,?,00000000), ref: 0049BD5E
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00000004,00000000,00000004), ref: 0049BD90
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,00000000,0000076C,?,?,?,?,0049D7D7,00000000,?,00000000), ref: 0049BDBF
                                                                                                                                                                                                                                                • inet_addr.WS2_32(239.255.255.250), ref: 0049BDE1
                                                                                                                                                                                                                                                • inet_addr.WS2_32(0.0.0.0), ref: 0049BDEB
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000C,00000000,00000008), ref: 0049BDFD
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,0049D7D7,00000000,?,00000000,?,?,?,?,?,?,0048FFC2,00000000), ref: 0049BE0F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • UPnP: Could not join multicast group: %d, xrefs: 0049BE16
                                                                                                                                                                                                                                                • UPnP: Unable to create socket: %d, xrefs: 0049BD65
                                                                                                                                                                                                                                                • 239.255.255.250, xrefs: 0049BDDC
                                                                                                                                                                                                                                                • UPnP: Unable to bind to UPnP port: %d, xrefs: 0049BDC6
                                                                                                                                                                                                                                                • 0.0.0.0, xrefs: 0049BDE3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastsetsockopt$inet_addr$socket
                                                                                                                                                                                                                                                • String ID: 0.0.0.0$239.255.255.250$UPnP: Could not join multicast group: %d$UPnP: Unable to bind to UPnP port: %d$UPnP: Unable to create socket: %d
                                                                                                                                                                                                                                                • API String ID: 3065726123-2126674998
                                                                                                                                                                                                                                                • Opcode ID: 71e931b6f5eb35b996bbed75cd0ba22bd07d5e7a51c457b22526570eeb8cb590
                                                                                                                                                                                                                                                • Instruction ID: b31cb62c92814b1d36bc79e120f4f099ecb592d6a29cdfb0ba0b2f01a454b5e2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71e931b6f5eb35b996bbed75cd0ba22bd07d5e7a51c457b22526570eeb8cb590
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45210A71604700ABDF24A7A1AD87FFF3BA8EB44B14F10012AF601991C1DF785905D7AD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A0454
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A047F
                                                                                                                                                                                                                                                  • Part of subcall function 0046FA30: GetFileAttributesW.KERNEL32(00000000,0043E6FA,00000000,?,?,?), ref: 0046FA31
                                                                                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0043E7A5
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E7EC
                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,?,?,00000000,?,?,?), ref: 0043E835
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E851
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E853
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E8B2
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E8BE
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E8EE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E8F4
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E90E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Move$ErrorLast$memcpy$AttributesDelete_wcsicmp
                                                                                                                                                                                                                                                • String ID: %s.%d
                                                                                                                                                                                                                                                • API String ID: 940425504-645285463
                                                                                                                                                                                                                                                • Opcode ID: d5513475acf28bc8fe93ddf3536232d556a9cf3050faef594ee7db0fffe7b7f2
                                                                                                                                                                                                                                                • Instruction ID: f9c3ce455520bba9c89b8d2d7facff33c281368b404bffff98556226040d4a41
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5513475acf28bc8fe93ddf3536232d556a9cf3050faef594ee7db0fffe7b7f2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94613375D001059BDF09FBB2DC52AEF77A4EE54304F10096EA812A3192EF399B05C798
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(?,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000001,00000000,00000002,00000002,00000000,00000001,-00544B48,00000000,?,?,?,?,?,?,00468E0C,-00544B48), ref: 00468C22
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00000004,-0054497E,00000004), ref: 00468C4C
                                                                                                                                                                                                                                                • inet_addr.WS2_32(239.192.0.0), ref: 00468C73
                                                                                                                                                                                                                                                • inet_addr.WS2_32(0.0.0.0), ref: 00468C7D
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000C,00468E0C,00000008), ref: 00468C8F
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000009,00000000,00000004), ref: 00468CAB
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000B,-0054497E,00000004), ref: 00468CC9
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000004,00000001,00000004), ref: 00468CE8
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000A,00000001,00000004), ref: 00468D02
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: setsockopt$inet_addr$ErrorLastsocket
                                                                                                                                                                                                                                                • String ID: 0.0.0.0$239.192.0.0
                                                                                                                                                                                                                                                • API String ID: 950758509-1367888843
                                                                                                                                                                                                                                                • Opcode ID: d7318b91b14b3066ad9564563bdeb5c225cb57bd2371362ca3e43c1f5b500493
                                                                                                                                                                                                                                                • Instruction ID: 4218bc0ad668cd8a2342fbec375fc4219a67f0a53775197e38e59b7a1fb5e753
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7318b91b14b3066ad9564563bdeb5c225cb57bd2371362ca3e43c1f5b500493
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD318371640305BAEB20EBA18D92FBF77B9AF44B00F10055AF711BA1C1EBB49E059769
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(?,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                  • Part of subcall function 0046BDED: bind.WS2_32(?,?,0046E846), ref: 0046BE12
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,00000002,00000002,00000000,00000001,00000000,00000000,00000000,0000076C,00000000,?,00000000), ref: 0049BE62
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000009,0000076C,00000004), ref: 0049BE92
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,0048FFC2,00000000,?,00000000), ref: 0049BEA4
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000004,00000004), ref: 0049BECA
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0049BEDC
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000A,000000FF,00000004), ref: 0049BF02
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,0048FFC2,00000000,?,00000000), ref: 0049BF15
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • UPnP: Could not set multicast TTL: %d, xrefs: 0049BF1C
                                                                                                                                                                                                                                                • UPnP: Could not set unicast TTL: %d, xrefs: 0049BEE3
                                                                                                                                                                                                                                                • UPnP: Unable to bind to UPnP port: %d, xrefs: 0049BE69
                                                                                                                                                                                                                                                • UPnP: Could not setup socket to send multicast packets: %d, xrefs: 0049BEAB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastsetsockopt$bindsocket
                                                                                                                                                                                                                                                • String ID: UPnP: Could not set multicast TTL: %d$UPnP: Could not set unicast TTL: %d$UPnP: Could not setup socket to send multicast packets: %d$UPnP: Unable to bind to UPnP port: %d
                                                                                                                                                                                                                                                • API String ID: 4163718337-4018275130
                                                                                                                                                                                                                                                • Opcode ID: a2e7266b5a44ecc22a613b350a2f9ce7e73d0e50fc48c4ee05c8150c718118af
                                                                                                                                                                                                                                                • Instruction ID: 981184fda55b43694a697f2bf33d69929ff419d47381afb9be3487e20efa3b35
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2e7266b5a44ecc22a613b350a2f9ce7e73d0e50fc48c4ee05c8150c718118af
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C21A3B16043047EEB14AB95AD46FBB3AACEB04B14F14003AFB01851D2DBB95D49DAB9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046C4E4: setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 0046C51B
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000001,00000000,?,?,?,?,?), ref: 0046E79B
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00000004,00000000,00000004), ref: 0046E804
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E80F
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E816
                                                                                                                                                                                                                                                • strerror.MSVCRT ref: 0046E820
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E84B
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E852
                                                                                                                                                                                                                                                • strerror.MSVCRT ref: 0046E85C
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046E896
                                                                                                                                                                                                                                                • connect.WS2_32(?,?,00000000), ref: 0046E8C2
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0046E8CD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _errno$ErrorLastsetsockoptstrerror$CountTickconnect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 666995827-0
                                                                                                                                                                                                                                                • Opcode ID: c6441287f5d3379e584eb1834c089f5dab09e16eab7199e40c10f6a9dacf4b87
                                                                                                                                                                                                                                                • Instruction ID: fbedfe4135c01f036c4aded36305d0a8e012500ca2ca2a000b73cfbec0945a7a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6441287f5d3379e584eb1834c089f5dab09e16eab7199e40c10f6a9dacf4b87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7051F835500204AADF20AF76CC85BAF3BA5AF41324F14457AF959AF2C2E738CD44D7A6
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@$??3@wcschrwcsrchr
                                                                                                                                                                                                                                                • String ID: %.*S/scrape%S%cinfo_hash=%.20U$&info_hash=%.20U$/announce$BitTorrent/7600
                                                                                                                                                                                                                                                • API String ID: 3218169405-1651456267
                                                                                                                                                                                                                                                • Opcode ID: 0854205f728012a45932ee765b23049b1a934169088bd676a34c77ea4a7baa0d
                                                                                                                                                                                                                                                • Instruction ID: 0199347afb6f403caa2f7c13f53ededcccfc920b5d5784949ebf7487593c2651
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0854205f728012a45932ee765b23049b1a934169088bd676a34c77ea4a7baa0d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4EB1B171D00248AFCF10EFA5D981AEEBBB5EF05304F14406EE901AB392D779AD85CB59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastatoimemcpystrrchr$strchr
                                                                                                                                                                                                                                                • String ID: router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 851569736-2974641532
                                                                                                                                                                                                                                                • Opcode ID: d37a7f8bd2cde5535a46381c505463f069da4c579bab5cfe08dbbe5b4d8930e0
                                                                                                                                                                                                                                                • Instruction ID: 240f160c97137202f31b8aa7b6721395ff0cf29bd463998150633fe47406128c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d37a7f8bd2cde5535a46381c505463f069da4c579bab5cfe08dbbe5b4d8930e0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E610771904648AECF12FFA5C880AEF7BA59F01314F04499FF901AB242DF7D9A46C799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: HTTP Error 404$complete$downloaded$failure reason$files$incomplete
                                                                                                                                                                                                                                                • API String ID: 613200358-3244571365
                                                                                                                                                                                                                                                • Opcode ID: 9c02d1fb4c6c5a0493b9d0face75f00af75910a5697dbdbc04f8cd4f8dcec1fc
                                                                                                                                                                                                                                                • Instruction ID: 3260d03068b2ce0c2dbe020dcc7666d18bc8acfd71d272aef054e7315d4c68ed
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c02d1fb4c6c5a0493b9d0face75f00af75910a5697dbdbc04f8cd4f8dcec1fc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7981B374A002499FCB14FF69C9C19AEB3B1FF44304B20486FE552AB752C778E9A4CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountInfoInputLastTick
                                                                                                                                                                                                                                                • String ID: dwmapi.dll
                                                                                                                                                                                                                                                • API String ID: 3478931382-3558095503
                                                                                                                                                                                                                                                • Opcode ID: c66644d44bbf6c6d021d4e89429d8420467f9a747f0b51e95b0698bdf11289ee
                                                                                                                                                                                                                                                • Instruction ID: 5010aca74c4e042f762bf4af03c4e4a7c69d5483f250aa58af498bbb66e3a902
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c66644d44bbf6c6d021d4e89429d8420467f9a747f0b51e95b0698bdf11289ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC310B31C00304BBCF10AFE5C8854AE7BA9ABA7344F14087FE502A7272D6398D85D75A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000800B,00000001,00000000), ref: 004B4E3A
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000800B,00000000,00000000), ref: 004B4E64
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,SetThreadExecutionState,?,?,?,?,00490A29,00000000,?,00000000), ref: 004B4EAA
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004B4EB1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePost$AddressHandleModuleProc
                                                                                                                                                                                                                                                • String ID: SetThreadExecutionState$kernel32
                                                                                                                                                                                                                                                • API String ID: 835053856-1433392259
                                                                                                                                                                                                                                                • Opcode ID: 119df59a956db84edcae70879b9dbeca1e42665b33f4f873764936a1cd780b81
                                                                                                                                                                                                                                                • Instruction ID: 5687453806633fe2ca95aa5469e81f019cbc3839e8deb6d1f24e1fc337897fce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 119df59a956db84edcae70879b9dbeca1e42665b33f4f873764936a1cd780b81
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBE19038605B41CFD7108F22FD946A27BF4FBA6708B104469D486976B2D334D9A8EF1D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • 239.255.255.250, xrefs: 0049D835
                                                                                                                                                                                                                                                • UPnP: Unable to get external IP with UPnP., xrefs: 0049D8F8
                                                                                                                                                                                                                                                • UPnP: Could not detect external IP on this pass, retrying., xrefs: 0049D8AF
                                                                                                                                                                                                                                                • UPnP: Unable to map port %I:%d with UPnP., xrefs: 0049D8DD
                                                                                                                                                                                                                                                • UPnP: Could not map UPnP Port on this pass, retrying., xrefs: 0049D89C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 239.255.255.250$UPnP: Could not detect external IP on this pass, retrying.$UPnP: Could not map UPnP Port on this pass, retrying.$UPnP: Unable to get external IP with UPnP.$UPnP: Unable to map port %I:%d with UPnP.
                                                                                                                                                                                                                                                • API String ID: 0-900214317
                                                                                                                                                                                                                                                • Opcode ID: 92b3b2b1758396933d5e465d49205472d32e8104f3cbfff55f4fc2defe259c24
                                                                                                                                                                                                                                                • Instruction ID: 6d815089ceb0d87982a56dce5be5941f97d59a60377ecb8572dd5fe6bd6e170a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92b3b2b1758396933d5e465d49205472d32e8104f3cbfff55f4fc2defe259c24
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA81C074D802459ACF24FFA5E8927FA3B64BB2230CB14407FD15257292D77C094AEF9A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: .$0$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                • API String ID: 1302938615-1972522466
                                                                                                                                                                                                                                                • Opcode ID: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction ID: 9716e8dec98437b2217b9bca5fa46e83075923f0a355f7c321471b3f34fc467b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC5109B0104B895AEF15BEA98885BFF7B95AB15348F1C485FED4187381C3BC8D45C359
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID: 10.0.0.0$127.0.0.0$169.254.0.0$172.16.0.0$192.168.0.0
                                                                                                                                                                                                                                                • API String ID: 2009864989-708011033
                                                                                                                                                                                                                                                • Opcode ID: 9e18bd5747f5111e15cdf89b4a611bd95852ce925f5f379f2e4421179ba8904e
                                                                                                                                                                                                                                                • Instruction ID: 7017c258aa3159c397c322ea2238961d13e12760d4ed7ff91decc6bfd8d0724c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e18bd5747f5111e15cdf89b4a611bd95852ce925f5f379f2e4421179ba8904e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9541FAB59012845ACB10EF6499513E6FBE19B6271EF18403FE401973B1E77C1B0DA74A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,00540130), ref: 004A1E45
                                                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 004A1E64
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Format$DateTime
                                                                                                                                                                                                                                                • String ID: $%.2d:%.2d:%.2d$HH':'mm':'ss'$yyyy'-'MM'-'dd
                                                                                                                                                                                                                                                • API String ID: 2545834208-2972950147
                                                                                                                                                                                                                                                • Opcode ID: 15c5389458544cc56d4c01d0035a34ed3324e53bd1253fb9c1ecafd5c090dcc7
                                                                                                                                                                                                                                                • Instruction ID: 842abdc43305f75336e0d73016b67cb057c3cc45a45b62eb9cfdae014a067f86
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15c5389458544cc56d4c01d0035a34ed3324e53bd1253fb9c1ecafd5c090dcc7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D11A5B5504348BAD720EB65DC46FEF3BECAF45748F00042AF906AB1D1D7789A44C7A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • <no message>, xrefs: 0041619D, 004161A2
                                                                                                                                                                                                                                                • WARNING: avoiding connecting to web seed because it's blocked by policy '%s', xrefs: 004161A3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@htonl
                                                                                                                                                                                                                                                • String ID: <no message>$WARNING: avoiding connecting to web seed because it's blocked by policy '%s'
                                                                                                                                                                                                                                                • API String ID: 757347809-2343564329
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E88,00000001), ref: 00438913
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E70,?), ref: 00438945
                                                                                                                                                                                                                                                  • Part of subcall function 004371DC: InterlockedExchangeAdd.KERNEL32(00542E14,00000004), ref: 004371EB
                                                                                                                                                                                                                                                  • Part of subcall function 004371DC: InterlockedExchangeAdd.KERNEL32(00542E10,00000001), ref: 004371F3
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E78,?), ref: 0043895C
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00438A71
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExchangeInterlocked$CriticalSection$CurrentEnterThread$EventLeave
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1474584091-2416925532
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041CA6C
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000802F,00000000,00000000,badge), ref: 0041CB38
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041CB46
                                                                                                                                                                                                                                                  • Part of subcall function 004455E2: ??3@YAXPAX@Z.MSVCRT ref: 004455E8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@$MessagePost
                                                                                                                                                                                                                                                • String ID: badge$interval
                                                                                                                                                                                                                                                • API String ID: 160855325-2850146669
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0041F936
                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0041F950
                                                                                                                                                                                                                                                • fflush.MSVCRT ref: 0041F95B
                                                                                                                                                                                                                                                  • Part of subcall function 004A1E16: GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,00540130), ref: 004A1E45
                                                                                                                                                                                                                                                  • Part of subcall function 004A1E16: GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 004A1E64
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Formatfprintf$DateTimefflush
                                                                                                                                                                                                                                                • String ID: %s$[%s] %s
                                                                                                                                                                                                                                                • API String ID: 3996786454-4130830515
                                                                                                                                                                                                                                                • Opcode ID: 1afa93d0db05d33ca542c45ba48b7946934f242e67dbda0000751f8a101c822d
                                                                                                                                                                                                                                                • Instruction ID: 11c64f702a333c489ca71db7c00ab00ef50a7bacd39574149ad2d53d4dfd2602
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1afa93d0db05d33ca542c45ba48b7946934f242e67dbda0000751f8a101c822d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2F08B71400204BBCB15FB53CC06EAE73989F50319F10052FB94656172DF7CAA88C75D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _strcmpi$strrchr
                                                                                                                                                                                                                                                • String ID: .com$.net
                                                                                                                                                                                                                                                • API String ID: 2110963804-1120753515
                                                                                                                                                                                                                                                • Opcode ID: 118b4da08fd19c7c545bfb6bfe9c85e809ee18fe410e43bb0218d2c91240f998
                                                                                                                                                                                                                                                • Instruction ID: 81495ce0c5ed9dd524c237370dfb246b149741c0a6b694ca4102ce3f555a4901
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 118b4da08fd19c7c545bfb6bfe9c85e809ee18fe410e43bb0218d2c91240f998
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12E0CD6379DBB328613661377D1665703848F01B77365006FF600D52C1EECDC941409C
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll,00481270,00000000,00000000,004812D3,?,00437ED2,00000000,00000000,?,00000000,00000000,00000000,?,00000000,02000000), ref: 0048122D
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessMemoryInfo), ref: 00481245
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00437ED2,00000000,00000000,?,00000000,00000000,00000000,?,00000000,02000000,00000000), ref: 0048125A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                • String ID: GetProcessMemoryInfo$psapi.dll
                                                                                                                                                                                                                                                • API String ID: 145871493-3877371417
                                                                                                                                                                                                                                                • Opcode ID: 979c4ba91e33ca1f293a55bcfd4cd07d5bec2d4b0169749ce6c4f049da20f712
                                                                                                                                                                                                                                                • Instruction ID: f1024ab4f606c7efd3a33dc08c14bef4ad5908505bde8ef91d936ecfe9338d78
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 979c4ba91e33ca1f293a55bcfd4cd07d5bec2d4b0169749ce6c4f049da20f712
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FFE08678441302DACF042B66BC0879A7B68B72134AB8088B3E800D5271DB38C55BAF09
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(comctl32.dll,00000000,00000000,0046685D,0000000C,?,00000000,00000000,?,?,004B36F4,?), ref: 004A10EA
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(comctl32.dll,?,004B36F4,?), ref: 004A10F5
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 004A1101
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                • String ID: TaskDialogIndirect$comctl32.dll
                                                                                                                                                                                                                                                • API String ID: 310444273-2809879075
                                                                                                                                                                                                                                                • Opcode ID: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction ID: b6910a8d96c439c5a9a79188c1f5b28735512c77b949466aa535ae9459b11b64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDD0C9366011A16B97201B37BC4CDABBAACEED7662705843AF841D6226DE78C94185B8
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447429
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447504
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447547
                                                                                                                                                                                                                                                  • Part of subcall function 00447283: ??2@YAPAXI@Z.MSVCRT ref: 0044728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID: file:///$https:
                                                                                                                                                                                                                                                • API String ID: 1033339047-421304004
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldiv$CountTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2272423691-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@memset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1035511824-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$atoimemcpy
                                                                                                                                                                                                                                                • String ID: http://
                                                                                                                                                                                                                                                • API String ID: 3845716176-1121587658
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • socket.WS2_32(00000002,00000002,00000000), ref: 00463927
                                                                                                                                                                                                                                                • WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,?,00000000,00000000), ref: 0046394E
                                                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 00463958
                                                                                                                                                                                                                                                • htonl.WS2_32(00000000), ref: 0046397C
                                                                                                                                                                                                                                                  • Part of subcall function 004636FB: htonl.WS2_32(?), ref: 0046370B
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004639A7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502128605.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502169259.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502532150.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2502580949.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl$Ioctlclosesocketsocket
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3500403049-0
                                                                                                                                                                                                                                                • Opcode ID: e2e6569a53c49b2c45f194cbf86af1890e3454501fc2e177d11a983cbe2c8266
                                                                                                                                                                                                                                                • Instruction ID: 6c9e4f150a972fd1b1b6b087670543349d086c147b308e6accfa2f1f7a51fbca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2e6569a53c49b2c45f194cbf86af1890e3454501fc2e177d11a983cbe2c8266
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E115C71A00154BBC7205B7ACC8CD7F7AAAEF80326F140126F119C61D1E7B44E068E55
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$Leave
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3476096762-0
                                                                                                                                                                                                                                                • Opcode ID: 35474f90d31593a1f8cab07f4f85810501e0e74ce28638b86a7298497c40546c
                                                                                                                                                                                                                                                • Instruction ID: 7e012595fc6096444b6f3579f6d7fb995ba997b66bce14fbd92c62cb22b89932
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35474f90d31593a1f8cab07f4f85810501e0e74ce28638b86a7298497c40546c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B00171365006448F8720DF29FDC58A5B7ECFB99308341142BD90AE7231CB36AE09DB94
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Roaming\BitTorrent, xrefs: 0048A738
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: tolower
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\BitTorrent
                                                                                                                                                                                                                                                • API String ID: 3025214199-3654464935
                                                                                                                                                                                                                                                • Opcode ID: a654b470419023a614d8852c516d1ee8420b80aa0b5c637eac106494fc87aefe
                                                                                                                                                                                                                                                • Instruction ID: d44d233d1a6f3e1a27cfd5831f5f59e22ce0bd8f731564760032d6e25637d591
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a654b470419023a614d8852c516d1ee8420b80aa0b5c637eac106494fc87aefe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8AF05E8130822155D7243AAA588663A53E8DB48722724482BF9C1C31C2FBECCCF1E36E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: 0*T$router.bittorrent.com$router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 613200358-3103544725
                                                                                                                                                                                                                                                • Opcode ID: ce01816b38d7b72f7303bbb77de3ff744d553c93b72a5bf29e1d79f3e9702aa7
                                                                                                                                                                                                                                                • Instruction ID: eae4eece34bf3562b1170ae233a08a6e252589feefd3e0b9502ee6f4ca7fc504
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce01816b38d7b72f7303bbb77de3ff744d553c93b72a5bf29e1d79f3e9702aa7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83512674600222AFD725DF1AE88059277A1FB6E318F52D42FE442C7761D778A849DF18
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0043B32F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,00000000,00000000,?,004367AE,?), ref: 0043B4B8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@Event
                                                                                                                                                                                                                                                • String ID: d1T$router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 1199912661-3510331610
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • %s: HTTP preventing DNS lookup: %S, xrefs: 00418E64
                                                                                                                                                                                                                                                • %s: HTTP invalid URL: %S, xrefs: 00418DCE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: %s: HTTP invalid URL: %S$%s: HTTP preventing DNS lookup: %S
                                                                                                                                                                                                                                                • API String ID: 1936579350-1137797574
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0044C5C0
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • InternetSetCookieA.WININET(?,00000000,?), ref: 0044C684
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 0044C68D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@AddressCookieErrorInternetLastLibraryLoadProcstrchr
                                                                                                                                                                                                                                                • String ID: wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3787153555-3354682871
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • DNS resolution failed for %s %S, xrefs: 004157C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: DNS resolution failed for %s %S
                                                                                                                                                                                                                                                • API String ID: 613200358-1403289015
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountTick
                                                                                                                                                                                                                                                • String ID: Invalid tracker URL.$UDP Trackers disabled.
                                                                                                                                                                                                                                                • API String ID: 1586335746-3239080385
                                                                                                                                                                                                                                                • Opcode ID: d046b59441b9d849ecb64f87c91369fbf556c522bcd30c539bbffaa3e183b7b9
                                                                                                                                                                                                                                                • Instruction ID: e012321285f1a9367b100574be3407be3b25622a498367b2f636e362245e8568
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d046b59441b9d849ecb64f87c91369fbf556c522bcd30c539bbffaa3e183b7b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB21B475A001209BCF11EFA5BD52ABE7B64FB16708740043FE95267292DF7818199BCE
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID: Banned$Banned %A until %S$forever
                                                                                                                                                                                                                                                • API String ID: 2009864989-2133071134
                                                                                                                                                                                                                                                • Opcode ID: 4e9558bf62ae90ae000fb6fd9410a0472af16fc993f2bf1c34103314346ed195
                                                                                                                                                                                                                                                • Instruction ID: f42a1fea6fa647b753fcabe0814e0cae93787c3972e73afe086f80f7264023ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e9558bf62ae90ae000fb6fd9410a0472af16fc993f2bf1c34103314346ed195
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62219271200680ABCB14EB65C811AEB77E4AF15309F04852FE886A73D3DB7CAE04CB59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C5C8
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C5ED
                                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0054314C), ref: 0043C5F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                                                                • String ID: dns
                                                                                                                                                                                                                                                • API String ID: 3991485460-2196626497
                                                                                                                                                                                                                                                • Opcode ID: 4a91c240b09d77c3ef5056d93b1e20f5fc306e2a58f40cff44b38f78e6df9c32
                                                                                                                                                                                                                                                • Instruction ID: e0ab7797676725561b9d37e6b534f1cda693accf133c2f0c670ee902131896d1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a91c240b09d77c3ef5056d93b1e20f5fc306e2a58f40cff44b38f78e6df9c32
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72E06C325001557BD70567AAECC9DEF7A6CAF85715F040075F201B6152CE550A0583B5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                  • Part of subcall function 0043C5FF: CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCreateExchangeHandleInterlockedSleepThread
                                                                                                                                                                                                                                                • String ID: NoMemoryThread
                                                                                                                                                                                                                                                • API String ID: 173309394-1247638031
                                                                                                                                                                                                                                                • Opcode ID: abc9f31fff3e489709833e7224c6a2e9d236e37363e54b1419c48a528e59c8a0
                                                                                                                                                                                                                                                • Instruction ID: aecc85fc3f027f462a876166e02bb1b3bf514cbb59aa6370194c77ac6780c509
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abc9f31fff3e489709833e7224c6a2e9d236e37363e54b1419c48a528e59c8a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14E0C2B1640350BFF62467629CCEEFB7E5CDB15B51F000026F605EA0C1EEBA88404779
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: magnet:$urn:btih:
                                                                                                                                                                                                                                                • API String ID: 3510742995-414134851
                                                                                                                                                                                                                                                • Opcode ID: 0b19205f8c9c64474596cfdc2702ad390d36ece6e365ed8db94b2e5d2534cf65
                                                                                                                                                                                                                                                • Instruction ID: 4aa5a1a3174efb4fef05afc21d7cb0b3777e498621b8598dd8fb9ccbe50d06c1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b19205f8c9c64474596cfdc2702ad390d36ece6e365ed8db94b2e5d2534cf65
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A061A031B001246BCF25AF21A6516BE27629F91748F88845BA8025F3A2CFFCCD46D78D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: wcschr$memcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2559618953-0
                                                                                                                                                                                                                                                • Opcode ID: 261df53c08f02ee1aca423d99b0627fadd6e267a67805953f05b7c8bc172bfee
                                                                                                                                                                                                                                                • Instruction ID: 63611682834760c4b278afb1a1dcb794430d24a41a24756e3902c11929508142
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 261df53c08f02ee1aca423d99b0627fadd6e267a67805953f05b7c8bc172bfee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75314872900201FACF258F55D8519FBB7ACDF5636071449ABE846CB240F6B4EE4582AA
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: 3:numi%de$6:filter%d:$8:msg_typei%de
                                                                                                                                                                                                                                                • API String ID: 3510742995-4024669026
                                                                                                                                                                                                                                                • Opcode ID: a004971952b35330942837f81b00bc70cfa10b93570343e5a59c8dc482816315
                                                                                                                                                                                                                                                • Instruction ID: 57d17bed9ce161fa069970eb5600cebc36a7fda47eaff17524c4fc91ab29f743
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a004971952b35330942837f81b00bc70cfa10b93570343e5a59c8dc482816315
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE312872600344AFD710DB79CC41FEEBBE9AF94308F04446EE559D3392D7B86A448B15
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: .!bt$\\?\
                                                                                                                                                                                                                                                • API String ID: 3510742995-4282639525
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonlhtons
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 493294928-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C44C
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C45B
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A1
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CursorDestroy
                                                                                                                                                                                                                                                • String ID: [%dK] $%s%s%s%s
                                                                                                                                                                                                                                                • API String ID: 1272848555-727602753
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1936579350-2416925532
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RangeBlock disconnected peer %a, xrefs: 00473A42
                                                                                                                                                                                                                                                • IpFilter disconnected peer %a, xrefs: 004739C1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: IpFilter disconnected peer %a$RangeBlock disconnected peer %a
                                                                                                                                                                                                                                                • API String ID: 0-2597693799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004200C4
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: strrchr.MSVCRT ref: 00422064
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: _strcmpi.MSVCRT ref: 00422077
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: _strcmpi.MSVCRT ref: 00422088
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _strcmpi$htonlstrrchr
                                                                                                                                                                                                                                                • String ID: %I.%s$zz.countries.nerd.dk
                                                                                                                                                                                                                                                • API String ID: 3439610112-1728926548
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAStringToAddressA.WS2_32(router.utorrent.com,00000017,00000000,?,00000000), ref: 004A1607
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressString
                                                                                                                                                                                                                                                • String ID: 255.255.255.255$router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 2549180374-1825131616
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • inet_addr.WS2_32(4.2.2.1), ref: 004635DF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: inet_addr
                                                                                                                                                                                                                                                • String ID: 2001:db8::1428:57ab$4.2.2.1
                                                                                                                                                                                                                                                • API String ID: 1393076350-2965112811
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 0049BF56
                                                                                                                                                                                                                                                • sendto.WS2_32(?,M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3,00000062,00000000,?,00000010), ref: 0049BF71
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3, xrefs: 0049BF69
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonlsendto
                                                                                                                                                                                                                                                • String ID: M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsGetValue.KERNEL32(00000015,?,00466A32,0000000C,?,00000000,00000000,?,?,004B36F4,?), ref: 0048C4EA
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: malloc.MSVCRT ref: 0048C4F9
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsSetValue.KERNEL32(00000000,00000002,?,004B36F4,?), ref: 0048C511
                                                                                                                                                                                                                                                • SetPropA.USER32(?,MsgBoxData,?), ref: 004667DD
                                                                                                                                                                                                                                                • CallNextHookEx.USER32(00000000,?,?,?), ref: 00466800
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CallHookNextPropmalloc
                                                                                                                                                                                                                                                • String ID: MsgBoxData
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastInputInfo.USER32(?), ref: 004A12AF
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004A12B9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Last$AddressCountErrorInfoInputLibraryLoadProcTick
                                                                                                                                                                                                                                                • String ID: user32.dll
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 004022FE
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00402316
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2502169259.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@DecrementInterlocked
                                                                                                                                                                                                                                                • String ID: source
                                                                                                                                                                                                                                                • API String ID: 2589872974-1602912115
                                                                                                                                                                                                                                                • Opcode ID: d57a1bf2b05a0cebf32b1054a823dd3a9b8039747c120ff45fb7c4f4f917e532
                                                                                                                                                                                                                                                • Instruction ID: 3ad6ac2798e9badfa8558a3821023d7d1e30fab5b03a1e026ff5565d53d0188b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d57a1bf2b05a0cebf32b1054a823dd3a9b8039747c120ff45fb7c4f4f917e532
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91D05E77645920028522223A79095DF12998BC5722706043BFE0AE7386DEBC8E4A02AD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:11.3%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:622
                                                                                                                                                                                                                                                Total number of Limit Nodes:11
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(-00001000,00001000,00000004,?,00000018), ref: 005C4793
                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(-00001000,00001000), ref: 005C47A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 0 43cb3d-43cb4b 1 43cb54-43cb6d GetVersionExW 0->1 2 43cb4d-43cb4f 0->2 3 43cb73-43cb7c 1->3 4 43cb6f-43cb71 1->4 5 43cbe9-43cbeb 2->5 6 43cb98-43cb9f 3->6 7 43cb7e-43cb85 3->7 4->5 8 43cba1-43cbae 6->8 10 43cbe1-43cbe3 6->10 7->8 9 43cb87-43cb96 7->9 11 43cbaf-43cbc0 LoadLibraryA 8->11 9->11 12 43cbe7-43cbe8 10->12 11->10 13 43cbc2-43cbd0 GetProcAddress 11->13 12->5 14 43cbd2-43cbd8 13->14 15 43cbda-43cbdb FreeLibrary 13->15 14->15 17 43cbe5 14->17 15->10 17->12
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?,00000000), ref: 0043CB65
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Version
                                                                                                                                                                                                                                                • String ID: InitSecurityInterfaceA$Secur32.dll$Security.dll
                                                                                                                                                                                                                                                • API String ID: 1889659487-120424522
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043720B
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437214
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043722A
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437233
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00437237
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 0043723A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1343868529-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 24 466aa1-466ab1 25 466ab3-466ab6 24->25 26 466acc-466acf 24->26 27 466af2-466af8 25->27 28 466ab8-466ac3 LoadLibraryA 25->28 29 466ae7-466ae8 26->29 30 466ad1-466adb GetProcAddress 26->30 31 466ac5-466aca 28->31 32 466aea-466af0 GetLastError 28->32 29->25 33 466adf-466ae5 30->33 34 466add 30->34 31->26 31->31 32->27 33->31 34->33
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3511525774-3354682871
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 189 443bd8-443bfb call 442a06 RegOpenKeyExW
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00442A06: RegCloseKey.KERNEL32(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0), ref: 00443BEF
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1862403433.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000054B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                • String ID: Software\Wine
                                                                                                                                                                                                                                                • API String ID: 47109696-669380751
                                                                                                                                                                                                                                                • Opcode ID: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction ID: 27eb3eee8b7a423b2ae2d0062fb25aff889c2060e01e461cfa5658acbba1d7d5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D02232058231AAC730AF309C00F8B7E94EFA5740F00092AB041A00B1C1A2C81697A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 192 46864f-468657 193 468662-468664 192->193 194 468659-46865d 192->194 196 468666-46866f ??3@YAXPAX@Z 193->196 197 468678-468683 realloc 193->197 200 468633-468635 194->200 201 46862c 194->201 198 468685-468687 196->198 197->198 199 468671-468673 call 4a0163 197->199 199->197 202 468637-46863a 200->202 203 468642-46864b malloc 200->203 201->200 205 46864d-46864e 203->205 206 46863b-46863d call 4a0163 203->206 206->203
                                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1862403433.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000054B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                • Opcode ID: aed804886c0c901c2cbc7e72088bf5850927e947ebdb5d0f6f587539e1148540
                                                                                                                                                                                                                                                • Instruction ID: db61aecf8e1706f7fd255cdc1c82c8ee31a1c7d84fb4cf551ad39dba11242865
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aed804886c0c901c2cbc7e72088bf5850927e947ebdb5d0f6f587539e1148540
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AF0A033648131128A2A551EB8247BF43894BD5BB6F16422FE844D6340FE4C8C4351EE
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 208 44bf8b-44bfa4 call 468618 211 44bfa6 call 46f914 208->211 212 44bfab-44bfb0 208->212 211->212 214 44bfc7-44bfe3 call 48b74d 212->214 215 44bfb2-44bfc2 call 46b834 call 46b850 212->215 221 44bfe5-44bfe8 InternetCloseHandle 214->221 222 44bfee-44bff0 214->222 215->214 221->222
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00468618: ??3@YAXPAX@Z.MSVCRT ref: 00468619
                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0044BFE8
                                                                                                                                                                                                                                                  • Part of subcall function 0046F914: CloseHandle.KERNEL32(00000000,00000000,0044BFAB,00000000,00000000,0044C032,00000000,00000000,?), ref: 0046F909
Memory Dump Source
• Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1862403433.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000054B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandle$??3@Internet
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2633106329-0
                                                                                                                                                                                                                                                • Opcode ID: b05f799de33752161d1ae185632e8084a8eba3c012ca4e1222d97a27484179d4
                                                                                                                                                                                                                                                • Instruction ID: 655d0073e80e446d6a3aa6120acbe65ac203358a74ad795ffb257db75b2e5e0e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b05f799de33752161d1ae185632e8084a8eba3c012ca4e1222d97a27484179d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FF081711017818BC321AF6DD881496F7F5FF5A3283144A2ED1EA83752C735A949CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 223 43c5ff-43c610 224 43c612 223->224 225 43c615-43c63f CreateThread call 43c3b8 223->225 224->225 227 43c644-43c660 call 43c4f3 call 43c436 225->227
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862403433.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.0000000000542000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.000000000054B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.000000000056A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.0000000000597000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.000000000059F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862415104.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                • Opcode ID: f9f95c2ab982565c15a3cd51bbe0290331a2329acef78f87bd41ad26f2844460
                                                                                                                                                                                                                                                • Instruction ID: a5dbc5bf66bed7fef54cfbb71693aa2dd1a914a8d7f538e43ecbd3afa9e4c24c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9f95c2ab982565c15a3cd51bbe0290331a2329acef78f87bd41ad26f2844460
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7F03C36A00118BBCF01DF99D841ADE7BB9BF9C754F00406AFE04B7250D7349A159BD4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 232 46fc81-46fc89 233 46fc9e-46fcb0 232->233 234 46fc8b-46fc99 232->234 236 46fcb2 233->236 237 46fcb8-46fcd2 CreateFileW 233->237 234->233 235 46fc9b-46fc9d 234->235 235->233 236->237
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,00008000,00000000,00000000,00000030,00000000,00000000,00000000,0044C067,00000080,00000000,004879A0,0044C623,?,?), ref: 0046FCCB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: 34be99a4df0659f66ffc45907976650f669dbc34d7c1ceb35c7f5e6f59f355c8
                                                                                                                                                                                                                                                • Instruction ID: 05b2bf8f26c71c4f0cef5e4589d88419b66cc440a61bf23c3ab91a75f3411fe6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34be99a4df0659f66ffc45907976650f669dbc34d7c1ceb35c7f5e6f59f355c8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79F02B33101211AEE32987469C85F57BF9BFBC4310F18D1A5F4444D4E5C374988187A4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 238 442a06-442a0d 239 442a0f-442a16 RegCloseKey 238->239 240 442a19-442a1a 238->240 239->240
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                • Opcode ID: d656e0732be45c8aa06141d7b783103bcc3aa4426a1adeda529f3cb3e35a2039
                                                                                                                                                                                                                                                • Instruction ID: f3813982204b5ae850940b5f19d2ed492c129e3a370f6e81e8cb5ac3dee6d7ca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d656e0732be45c8aa06141d7b783103bcc3aa4426a1adeda529f3cb3e35a2039
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36C04C3151522147D7709F59F94476273E85F04362F15045AB880EA145D6A48880869C
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 241 468618-46861f ??3@YAXPAX@Z
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                • Opcode ID: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction ID: 45983b04791fe9f6fc8fa831eb551b49d8276c24a9f9c84740e241472f3aab43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 250 468620-46862a 251 468633-468635 250->251 252 46862c 250->252 253 468637-46863a 251->253 254 468642-46864b malloc 251->254 252->251 255 46864d-46864e 254->255 256 46863b-46863d call 4a0163 254->256 256->254
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                • malloc.MSVCRT ref: 00468643
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseExchangeHandleInterlockedSleepmalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2802248930-0
                                                                                                                                                                                                                                                • Opcode ID: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction ID: 2b6c4b89c3469657e212f24c2f23ca41b30995d4b04d1fd0ab1d710b86758c96
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68D09E3261553102DA66662DB9147DF13840B557A5F05425FE844D6741EF4C8D4351DD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F342
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F36F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000019,?,?,?,?,?,?,?,?,?,?,?,0046F4F1), ref: 0046F384
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F3A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4250438611-0
                                                                                                                                                                                                                                                • Opcode ID: 9e9783c385914644ec4ea284aebf29c47d5c290191e63e0cff30f6d59e567ad1
                                                                                                                                                                                                                                                • Instruction ID: fea66f8f8180269b15010c85c1ca9a3a1de86c56fec6988f8bb0eb06049ebec8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e9783c385914644ec4ea284aebf29c47d5c290191e63e0cff30f6d59e567ad1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9418C719083419FD714EF26E49526EB7E5AFA5308F00442FF4C587262EB3C8989CB9B
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 275 470646-470667 _strnicmp 276 4706c0-4706c7 275->276 277 470669-47067b _strnicmp 275->277 280 4706ea-47070a call 48aac4 strchr 276->280 278 47068d-47069f _strnicmp 277->278 279 47067d-47068b 277->279 281 4706a1-4706ab 278->281 282 4706ad-4706be _strnicmp 278->282 279->280 288 47070c-470727 strchr call 48aac4 280->288 289 470729-47073a call 4453ed 280->289 281->280 282->276 284 4706c9-4706dd _strnicmp 282->284 286 4706e3 284->286 287 47086b 284->287 286->280 290 47086d-470871 287->290 297 47075b-470772 memchr 288->297 295 470752-470754 289->295 296 47073c-470750 call 421dc1 289->296 299 470756 call 48aac4 295->299 296->299 300 470774-4707a1 call 40471b call 48aac4 call 468618 297->300 301 4707a3 297->301 299->297 302 4707a6-4707b9 strrchr 300->302 301->302 306 4707c0-4707ce strchr 302->306 307 4707bb-4707bd 302->307 309 4707e0-4707e5 306->309 310 4707d0-4707de strchr 306->310 307->306 313 4707f8-470819 call 421dc1 309->313 310->309 312 4707e7-4707ec 310->312 315 4707ef-4707f4 312->315 321 47081c-47081f 313->321 315->315 318 4707f6 315->318 318->313 322 470837-47083a 321->322 323 470821-470826 321->323 324 47083c-470847 atoi 322->324 325 47084b-47085e call 421dc1 322->325 323->322 326 470828-47082b 323->326 324->325 325->287 331 470860-470869 call 4704fd 325->331 326->324 328 47082d-470830 326->328 328->322 330 470832-470835 328->330 330->321 330->322 331->290
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$_strnicmp$atoimemchrstrrchr
                                                                                                                                                                                                                                                • String ID: btresource$btresource://$feed://$http$http://$https$https://$udp$udp://
                                                                                                                                                                                                                                                • API String ID: 1133942460-3240269518
                                                                                                                                                                                                                                                • Opcode ID: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction ID: cdd5ddbc0b9aae4ea69e7fb306770d04e13e0400ceef37cc916ed79a2789f378
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD612371601301DBDB24AE36C885BAB77E5AF90348F10882FE54A87382EB7CE9458759
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(comctl32.dll,?,?,0046685D,?,?,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(comctl32.dll,?,?,0046685D,?,?,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 004A1101
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0046688D
                                                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F02), ref: 00466978
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00466A4B
                                                                                                                                                                                                                                                • SetWindowsHookExW.USER32(00000005,004667A3,00000000,00000000), ref: 00466A5B
                                                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,00000000,?), ref: 00466A81
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load$AddressCurrentHandleHookIconLibraryMessageModuleProcThreadWindowsmemset
                                                                                                                                                                                                                                                • String ID: O$TaskDialogIndirect$comctl32.dll
                                                                                                                                                                                                                                                • API String ID: 1534884872-2564272669
                                                                                                                                                                                                                                                • Opcode ID: 2c058d8d4d4f27f984848babcc2fd93789c6f5f41caad1c1d6285d449f3f9167
                                                                                                                                                                                                                                                • Instruction ID: a10edd38a9d2eb6df87fcae37208367f1d724933d29a51aa49b4adc189d5ee1f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c058d8d4d4f27f984848babcc2fd93789c6f5f41caad1c1d6285d449f3f9167
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E8180B19003499FDB20CF59C8457AA7BE4EF41304F15802BED459B391E778DA88DF5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: .$0$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                • API String ID: 1302938615-1972522466
                                                                                                                                                                                                                                                • Opcode ID: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction ID: 9716e8dec98437b2217b9bca5fa46e83075923f0a355f7c321471b3f34fc467b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC5109B0104B895AEF15BEA98885BFF7B95AB15348F1C485FED4187381C3BC8D45C359
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountTick
                                                                                                                                                                                                                                                • String ID: Invalid tracker URL.$UDP Trackers disabled.$W9=
                                                                                                                                                                                                                                                • API String ID: 1586335746-208172440
                                                                                                                                                                                                                                                • Opcode ID: 9b2502097dbc8454edfc9f776e0bb29fc16b3da58cd077f72f9c03eeb8c94e9e
                                                                                                                                                                                                                                                • Instruction ID: e012321285f1a9367b100574be3407be3b25622a498367b2f636e362245e8568
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b2502097dbc8454edfc9f776e0bb29fc16b3da58cd077f72f9c03eeb8c94e9e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB21B475A001209BCF11EFA5BD52ABE7B64FB16708740043FE95267292DF7818199BCE
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(comctl32.dll,?,?,0046685D,?,?,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 004A10EA
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(comctl32.dll,?,?,0046685D,?,?,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 004A10F5
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 004A1101
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1862403433.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000052C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000542000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000054B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000056A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.0000000000597000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.000000000059F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862415104.00000000005C0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862594552.00000000005C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1862606004.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                • String ID: TaskDialogIndirect$comctl32.dll
                                                                                                                                                                                                                                                • API String ID: 310444273-2809879075
                                                                                                                                                                                                                                                • Opcode ID: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction ID: b6910a8d96c439c5a9a79188c1f5b28735512c77b949466aa535ae9459b11b64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDD0C9366011A16B97201B37BC4CDABBAACEED7662705843AF841D6226DE78C94185B8
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447429
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447504
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447547
                                                                                                                                                                                                                                                  • Part of subcall function 00447283: ??2@YAPAXI@Z.MSVCRT ref: 0044728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID: file:///$https:
                                                                                                                                                                                                                                                • API String ID: 1033339047-421304004
                                                                                                                                                                                                                                                • Opcode ID: 4699695e8682f953e3a6788a1385b1cb5f44126835133bac4ed5cd59bd81bff5
                                                                                                                                                                                                                                                • Instruction ID: ccc32fa0efd63ca8ac1c14c2b0586d59bdd9e9094ea8232620a4e0b5d989bfb1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4699695e8682f953e3a6788a1385b1cb5f44126835133bac4ed5cd59bd81bff5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E451D370604285AFDB11EF78C4419EABFE0AF04344F14485FE4AA8B353DB38E946CB5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@memset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1035511824-0
                                                                                                                                                                                                                                                • Opcode ID: c3d6db0cfcce8c6a37355c734b7e26bd1feab1d29c6ae3d305b2ef59d5e159b5
                                                                                                                                                                                                                                                • Instruction ID: 7a2543150106e8984170352c6cb0627c9a172214874a88af9b8e3ea390d81562
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3d6db0cfcce8c6a37355c734b7e26bd1feab1d29c6ae3d305b2ef59d5e159b5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD31A271605B419FE325DF2AD886916BBE1AF45325B00CA2EF0EA9B7E1D774E9048B04
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004AECD7
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 004AECE6
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,00464A35), ref: 004AED15
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LongWindow$??2@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3581377960-0
                                                                                                                                                                                                                                                • Opcode ID: ce52d88efe75a73d4b5c7405e02db073bf42b5c8a1aba7df656aa9fbe0bffc4d
                                                                                                                                                                                                                                                • Instruction ID: a02320d688df46ff44469dc3af87e637539dc24d07cf770f6922ec7e5c93f771
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce52d88efe75a73d4b5c7405e02db073bf42b5c8a1aba7df656aa9fbe0bffc4d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D51108712043226FCB107F6B9CC083BB6D4EBA67247208A3FF172932E1EA7888015659
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$Leave
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3476096762-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0044C5C0
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • InternetSetCookieA.WININET(?,00000000,?), ref: 0044C684
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 0044C68D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@AddressCookieErrorInternetLastLibraryLoadProcstrchr
                                                                                                                                                                                                                                                • String ID: wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3787153555-3354682871
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(wininet.dll,00000000,00543AB0,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D,00000000,?,?,?,?), ref: 004A1A54
                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000000,00543AB0,?,00000000,00000000,00543AB0,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D), ref: 004A1A66
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FormatHandleMessageModule
                                                                                                                                                                                                                                                • String ID: Error %d$wininet.dll
                                                                                                                                                                                                                                                • API String ID: 2046974992-2228022614
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Prop
                                                                                                                                                                                                                                                • String ID: .O
                                                                                                                                                                                                                                                • API String ID: 257714900-711510751
                                                                                                                                                                                                                                                • Opcode ID: fb13d6d8213767fac9e2d215143efe2e13acaad96b0b215468001b6e920a156b
                                                                                                                                                                                                                                                • Instruction ID: baa4c8b6ad4d5b3a0c8029c30c1568f9e670a3ef26fa39d1c1c7e963fdd25cd9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb13d6d8213767fac9e2d215143efe2e13acaad96b0b215468001b6e920a156b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1114835500218ABCF219F9ADC48A8EBBA9EF98354F00842AF94597261D778DD40DFA9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C5C8
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C5ED
                                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0054314C), ref: 0043C5F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                                                                • String ID: dns
                                                                                                                                                                                                                                                • API String ID: 3991485460-2196626497
                                                                                                                                                                                                                                                • Opcode ID: 4a91c240b09d77c3ef5056d93b1e20f5fc306e2a58f40cff44b38f78e6df9c32
                                                                                                                                                                                                                                                • Instruction ID: e0ab7797676725561b9d37e6b534f1cda693accf133c2f0c670ee902131896d1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a91c240b09d77c3ef5056d93b1e20f5fc306e2a58f40cff44b38f78e6df9c32
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72E06C325001557BD70567AAECC9DEF7A6CAF85715F040075F201B6152CE550A0583B5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                  • Part of subcall function 0043C5FF: CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCreateExchangeHandleInterlockedSleepThread
                                                                                                                                                                                                                                                • String ID: NoMemoryThread
                                                                                                                                                                                                                                                • API String ID: 173309394-1247638031
                                                                                                                                                                                                                                                • Opcode ID: abc9f31fff3e489709833e7224c6a2e9d236e37363e54b1419c48a528e59c8a0
                                                                                                                                                                                                                                                • Instruction ID: aecc85fc3f027f462a876166e02bb1b3bf514cbb59aa6370194c77ac6780c509
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abc9f31fff3e489709833e7224c6a2e9d236e37363e54b1419c48a528e59c8a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14E0C2B1640350BFF62467629CCEEFB7E5CDB15B51F000026F605EA0C1EEBA88404779
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C44C
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C45B
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A1
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                                                                                                • Opcode ID: f1868ce94f52ab719e366593b7ea1adbb65317a775ae6f436c5795f56f5cb87c
                                                                                                                                                                                                                                                • Instruction ID: 7d8ba6755e7438827e13f129986cd2114c4aaab8629c6976e64154cfb093b7c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1868ce94f52ab719e366593b7ea1adbb65317a775ae6f436c5795f56f5cb87c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3801D6397001008F87189F25DCC48B9B768EBEA328315A16FD4055B232DE37DA08D744
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1936579350-2416925532
                                                                                                                                                                                                                                                • Opcode ID: c3cc8d7d7c2b126d2a81fcc887538282b1dc6e0d91104f888e6bc77195df73eb
                                                                                                                                                                                                                                                • Instruction ID: 1c270ae4fb1ea26f8b841b5d570e454327e2dedc51aae199c91a21947af6457e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3cc8d7d7c2b126d2a81fcc887538282b1dc6e0d91104f888e6bc77195df73eb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F517EB0A003068FCB19CF58C9D05AEF7B2FB99318F64546EE0029B341DB79AD42CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsGetValue.KERNEL32(00000015,?,00466A32,?,?,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 0048C4EA
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: malloc.MSVCRT ref: 0048C4F9
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsSetValue.KERNEL32(00000000,00000002,?,?,?,?,004A014D,?,Windows ran out of memory. Unable to allocate %d bytes.Please close some applications and press OK.,?), ref: 0048C511
                                                                                                                                                                                                                                                • SetPropA.USER32(?,MsgBoxData,?), ref: 004667DD
                                                                                                                                                                                                                                                • CallNextHookEx.USER32(00000000,?,?,?), ref: 00466800
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.1862415104.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_BitTorrent-7.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CallHookNextPropmalloc
                                                                                                                                                                                                                                                • String ID: MsgBoxData
                                                                                                                                                                                                                                                • API String ID: 2721637341-1423917892
                                                                                                                                                                                                                                                • Opcode ID: eb003bac46e18555541f9b9f3689a58453bd10c0ec5a7171c873b28812d08216
                                                                                                                                                                                                                                                • Instruction ID: 96e589d59669b4a447dfeb47b0227b2d50364a01aca2a15882e80b0be42958ea
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb003bac46e18555541f9b9f3689a58453bd10c0ec5a7171c873b28812d08216
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14F0A431801264AFDB21AF51C944F9BBFA5EF1472AF02801AFD181B212D739D944D79A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:7.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:3%
                                                                                                                                                                                                                                                Total number of Nodes:268
                                                                                                                                                                                                                                                Total number of Limit Nodes:17
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048FB98
                                                                                                                                                                                                                                                  • Part of subcall function 004045F5: ??2@YAPAXI@Z.MSVCRT ref: 00404604
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0049055A
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00490585
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004905CC
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004905F5
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004909DE
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00490A09
                                                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00490B41
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$??2@$__allrem
                                                                                                                                                                                                                                                • String ID: #.'f$&license=%U$2348764555$B]V$B_V$Haven't heard from raptor in a long time, reconnecting$bugmenot$clientid$http%s://%U:%U@%s:%d/attach?name=%U&clientid=%U&version=%d%s$http://localhost$proxy = http://localhost:%d/proxy/0/; expires = %s GMT
                                                                                                                                                                                                                                                • API String ID: 3390728972-2775100168
                                                                                                                                                                                                                                                • Opcode ID: d55a1d03b06029f346986bfee85a92963fca7571ce5dac9178834c6926aa5410
                                                                                                                                                                                                                                                • Instruction ID: 8c0dfd95f2015dd9e5587dfd13f6de6fd499b3d0d9605ae1e26d2188d90c73ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d55a1d03b06029f346986bfee85a92963fca7571ce5dac9178834c6926aa5410
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCB28974A006059FCF14EFA5E8817AE7BB1AB65308F14443FE441A73A1DB389D89DF58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 852 4e4e14-4e4e21 853 4e4ed8-4e4eda 852->853 854 4e4e27-4e4e3a 852->854 855 4e4e3c-4e4e41 854->855 856 4e4e6b-4e4e6d 854->856 857 4e4e52-4e4e56 855->857 858 4e4e43-4e4e4c CryptCreateHash 855->858 859 4e4e6f-4e4e77 856->859 860 4e4e9d-4e4ea3 856->860 857->856 861 4e4e58-4e4e69 CryptHashData 857->861 858->857 859->860 862 4e4e79-4e4e9b memcpy call 4e3de5 859->862 863 4e4ebd-4e4ec1 860->863 864 4e4ea5 860->864 861->856 865 4e4ed6-4e4ed7 861->865 862->860 863->865 868 4e4ec3-4e4ed3 memcpy 863->868 867 4e4ea8-4e4ebb call 4e3de5 864->867 865->853 867->863 868->865
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptCreateHash.ADVAPI32(00F60218,00008004,00000000,00000000,?,00000000,00000000,?,?,004E5059,00000000,00000000,?,00458C52,?,?), ref: 004E4E4C
                                                                                                                                                                                                                                                • CryptHashData.ADVAPI32(?,?,00000000,00000000,00000000,00000000,?,?,004E5059,00000000,00000000,?,00458C52,?,?,00000000), ref: 004E4E61
                                                                                                                                                                                                                                                • memcpy.MSVCRT ref: 004E4E82
                                                                                                                                                                                                                                                • memcpy.MSVCRT ref: 004E4ECE
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptHashmemcpy$CreateData
                                                                                                                                                                                                                                                • String ID: @$@
                                                                                                                                                                                                                                                • API String ID: 93945819-149943524
                                                                                                                                                                                                                                                • Opcode ID: 6e2b37a3d8be4364ceabc488908b02911291848e6b3dded46cca57888bba4072
                                                                                                                                                                                                                                                • Instruction ID: 5d419054efb6b2906744a7db0d80804d69d2cf273b331af5eae7b739310e840b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e2b37a3d8be4364ceabc488908b02911291848e6b3dded46cca57888bba4072
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98219072500709BBDF218F6ACC84D9A77A9BF94356F00852AFA1986240D379DA548B58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 872 4a1318-4a1330 873 4a1332-4a1344 call 466aa1 872->873 874 4a1346-4a1355 CreateToolhelp32Snapshot 872->874 873->874 877 4a1357-4a1359 873->877 876 4a135b-4a1375 Process32FirstW 874->876 874->877 876->877 880 4a1377 876->880 879 4a13d8-4a13db 877->879 881 4a1378-4a137f 880->881 882 4a13ad-4a13c9 Process32NextW 881->882 883 4a1381-4a1385 881->883 882->881 884 4a13cb-4a13d7 CloseHandle 882->884 885 4a13a3-4a13a6 883->885 884->879 886 4a13a8-4a13ab 885->886 887 4a1387-4a1398 _wcsicmp 885->887 886->882 886->884 888 4a139a 887->888 889 4a139e-4a13a1 887->889 888->889 889->885
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A1349
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 004A136D
                                                                                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 004A138F
                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(004A1593,00000024), ref: 004A13C1
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(004A1593), ref: 004A13CE
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process32$AddressCloseCreateErrorFirstHandleLastLibraryLoadNextProcSnapshotToolhelp32_wcsicmp
                                                                                                                                                                                                                                                • String ID: kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 3960575534-1793498882
                                                                                                                                                                                                                                                • Opcode ID: bebd620aa2146e4dcb84673ba2b0936decc5996870be6d0dc2b5dbe5e5fcd812
                                                                                                                                                                                                                                                • Instruction ID: 791eac3447ce07c0e57cec23622cc5a7e5d0d40d29a4332cb8458bfab87fe3ca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bebd620aa2146e4dcb84673ba2b0936decc5996870be6d0dc2b5dbe5e5fcd812
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E021EB71904208AFEF10AFA598486BEB7F8AB37354F1400EAE84593651E7795E49CB14
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00566D98,00000000,00000000,00000001,00000000,?,00000000,?,004E3D6C,00000000,?,00000000,00458C2C,?,?), ref: 004E3D3C
                                                                                                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00566D98,00000000,00000000,00000001,00000008,?,00000000,?,004E3D6C,00000000,?,00000000,00458C2C,?,?), ref: 004E3D4D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AcquireContextCrypt$AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2673840251-4050573280
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046352E: htons.WS2_32(00000000), ref: 00463566
                                                                                                                                                                                                                                                • bind.WS2_32(000000FF,?,FF ), ref: 0046BE12
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: bindhtons
                                                                                                                                                                                                                                                • String ID: FF
                                                                                                                                                                                                                                                • API String ID: 791846173-3617448728
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(-00001000,00001000,00000004,?,00000018), ref: 005C4793
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,STATIC,004F4AF4,40000000,00000000,00000000,00000032,00000019,00000000,00000000,00000000,00000000), ref: 00458F91
                                                                                                                                                                                                                                                • SetEvent.KERNEL32 ref: 00458FA4
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0045900D
                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 004590BD
                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 004590C7
                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,000000FF,0000803C,0000804B,00000000), ref: 004590DE
                                                                                                                                                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00459118
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004591C0
                                                                                                                                                                                                                                                • ResetEvent.KERNEL32(?,00543460,00000000,?,00000000,?,00543460,00000000,?), ref: 004591FD
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00459209
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$Event$??2@??3@CloseCreateDispatchHandlePeekResetTranslateWindow
                                                                                                                                                                                                                                                • String ID: IEThread exited$STATIC
                                                                                                                                                                                                                                                • API String ID: 120406167-2734242229
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(00000010,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000002,00000002,00000000,00000001,00000000,00000000,?,?,?,?,0049D7D7,00000000,?,00000000), ref: 0049BD5E
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00000004,00000000,00000004), ref: 0049BD90
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,00000000,0000076C,?,?,?,?,0049D7D7,00000000,?,00000000), ref: 0049BDBF
                                                                                                                                                                                                                                                • inet_addr.WS2_32(239.255.255.250), ref: 0049BDE1
                                                                                                                                                                                                                                                • inet_addr.WS2_32(0.0.0.0), ref: 0049BDEB
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000C,00000000,00000008), ref: 0049BDFD
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,0049D7D7,00000000,?,00000000,?,?,?,?,?,?,0048FFC2,00000000), ref: 0049BE0F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • UPnP: Could not join multicast group: %d, xrefs: 0049BE16
                                                                                                                                                                                                                                                • 239.255.255.250, xrefs: 0049BDDC
                                                                                                                                                                                                                                                • 0.0.0.0, xrefs: 0049BDE3
                                                                                                                                                                                                                                                • UPnP: Unable to create socket: %d, xrefs: 0049BD65
                                                                                                                                                                                                                                                • UPnP: Unable to bind to UPnP port: %d, xrefs: 0049BDC6
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastsetsockopt$inet_addr$socket
                                                                                                                                                                                                                                                • String ID: 0.0.0.0$239.255.255.250$UPnP: Could not join multicast group: %d$UPnP: Unable to bind to UPnP port: %d$UPnP: Unable to create socket: %d
                                                                                                                                                                                                                                                • API String ID: 3065726123-2126674998
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(00000010,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                  • Part of subcall function 0046BDED: bind.WS2_32(000000FF,?,FF ), ref: 0046BE12
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,00000002,00000002,00000000,00000001,00000000,00000000,00000000,0000076C,00000000,?,00000000), ref: 0049BE62
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000009,0000076C,00000004), ref: 0049BE92
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,0048FFC2,00000000,?,00000000), ref: 0049BEA4
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000004,00000004), ref: 0049BECA
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0049BEDC
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000A,000000FF,00000004), ref: 0049BF02
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,0048FFC2,00000000,?,00000000), ref: 0049BF15
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • UPnP: Could not set unicast TTL: %d, xrefs: 0049BEE3
                                                                                                                                                                                                                                                • UPnP: Could not setup socket to send multicast packets: %d, xrefs: 0049BEAB
                                                                                                                                                                                                                                                • UPnP: Unable to bind to UPnP port: %d, xrefs: 0049BE69
                                                                                                                                                                                                                                                • UPnP: Could not set multicast TTL: %d, xrefs: 0049BF1C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastsetsockopt$bindsocket
                                                                                                                                                                                                                                                • String ID: UPnP: Could not set multicast TTL: %d$UPnP: Could not set unicast TTL: %d$UPnP: Could not setup socket to send multicast packets: %d$UPnP: Unable to bind to UPnP port: %d
                                                                                                                                                                                                                                                • API String ID: 4163718337-4018275130
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

[Control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046C4E4: setsockopt.WS2_32(000000FF,0000FFFF,00000080,00000000,00000004), ref: 0046C51B
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000001,00000000,?,?,?,?,00000020), ref: 0046E79B
                                                                                                                                                                                                                                                • setsockopt.WS2_32(000000FF,0000FFFF,00000004,000000F8,00000004), ref: 0046E804
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E80F
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E816
                                                                                                                                                                                                                                                • strerror.MSVCRT ref: 0046E820
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E84B
                                                                                                                                                                                                                                                • _errno.MSVCRT ref: 0046E852
                                                                                                                                                                                                                                                • strerror.MSVCRT ref: 0046E85C
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046E896
                                                                                                                                                                                                                                                • connect.WS2_32(000000FF,?,000000F8), ref: 0046E8C2
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0046E8CD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _errno$ErrorLastsetsockoptstrerror$CountTickconnect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 666995827-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

[Control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?,00000000), ref: 0043CB65
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Version
                                                                                                                                                                                                                                                • String ID: InitSecurityInterfaceA$Secur32.dll$Security.dll
                                                                                                                                                                                                                                                • API String ID: 1889659487-120424522
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

[Control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • UPnP: Unable to map port %I:%d with UPnP., xrefs: 0049D8DD
                                                                                                                                                                                                                                                • UPnP: Unable to get external IP with UPnP., xrefs: 0049D8F8
                                                                                                                                                                                                                                                • UPnP: Could not detect external IP on this pass, retrying., xrefs: 0049D8AF
                                                                                                                                                                                                                                                • 239.255.255.250, xrefs: 0049D835
                                                                                                                                                                                                                                                • UPnP: Could not map UPnP Port on this pass, retrying., xrefs: 0049D89C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 239.255.255.250$UPnP: Could not detect external IP on this pass, retrying.$UPnP: Could not map UPnP Port on this pass, retrying.$UPnP: Unable to get external IP with UPnP.$UPnP: Unable to map port %I:%d with UPnP.
                                                                                                                                                                                                                                                • API String ID: 0-900214317
                                                                                                                                                                                                                                                • Opcode ID: c62156ad439d56ab74b83029efa361e8db34f9564941001e0883d890643241f7
                                                                                                                                                                                                                                                • Instruction ID: 6d815089ceb0d87982a56dce5be5941f97d59a60377ecb8572dd5fe6bd6e170a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c62156ad439d56ab74b83029efa361e8db34f9564941001e0883d890643241f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA81C074D802459ACF24FFA5E8927FA3B64BB2230CB14407FD15257292D77C094AEF9A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043720B
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437214
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043722A
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437233
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00437237
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 0043723A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1343868529-0
                                                                                                                                                                                                                                                • Opcode ID: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction ID: 98b7f03d03192239b80dc3813169242e7629338a1043ac82295b91da3c824815
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20E0D872D0816411CD202BE62C44F1F2A1CEBC9331F1A0497F3009F180856458414BA7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 896 4a1bcf-4a1bea call 46fc81 899 4a1bec-4a1bf9 GetFileSize 896->899 900 4a1c41-4a1c46 896->900 901 4a1c3a-4a1c3b CloseHandle 899->901 902 4a1bfb-4a1bff 899->902 903 4a1c53-4a1c57 900->903 901->900 904 4a1c11-4a1c1d call 468620 902->904 905 4a1c01-4a1c05 902->905 904->901 909 4a1c1f-4a1c2f call 4a0d53 904->909 905->904 906 4a1c07-4a1c0f SetLastError 905->906 906->901 912 4a1c48-4a1c51 FindCloseChangeNotification 909->912 913 4a1c31-4a1c35 call 468618 909->913 912->903 913->901
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046FC81: CreateFileW.KERNEL32(?,00008000,00000000,00000000,00000030,00000000,00000000,00000000,0044C067,00000080,00000000,004879A0,0044C623,?,?), ref: 0046FCCB
                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000080,00000000,?,00000008,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1BEE
                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000008,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C09
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C3B
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A1C49
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseFile$ChangeCreateErrorFindHandleLastNotificationSize
                                                                                                                                                                                                                                                • String ID: |2A
                                                                                                                                                                                                                                                • API String ID: 1615418266-1308716369
                                                                                                                                                                                                                                                • Opcode ID: aa660af55d01a2f4240aa81fc3c69f27019cb2bad61fec924710b5e3bdaaab42
                                                                                                                                                                                                                                                • Instruction ID: 1ce54f2dd0daeea992d89eee4c80afb91131089468f81cdf9afb8c867e97f47a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa660af55d01a2f4240aa81fc3c69f27019cb2bad61fec924710b5e3bdaaab42
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D0121312802145BC3202B3A9C88B6BB7999BE7735F04423BF952D72E1DE399C05827E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,00000000,00000000,0000003C,00000000), ref: 004A2073
                                                                                                                                                                                                                                                • GetDateFormatA.KERNELBASE(00000400,00000000,?,ddd','dd'-'MMM'-'yyyy,?,00000030), ref: 004A2090
                                                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000400,00000000,?,HH':'mm':'ss',?,00000030), ref: 004A20B2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$Format$DateFileSystem
                                                                                                                                                                                                                                                • String ID: HH':'mm':'ss'$ddd','dd'-'MMM'-'yyyy
                                                                                                                                                                                                                                                • API String ID: 3098269223-2310708519
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed; entry block 4635b9-4635c8)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • inet_addr.WS2_32(4.2.2.1), ref: 004635DF
                                                                                                                                                                                                                                                • GetBestInterface.IPHLPAPI(?,00000002), ref: 004635F1
                                                                                                                                                                                                                                                • GetBestInterfaceEx.IPHLPAPI(?,?), ref: 0046363F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BestInterface$inet_addr
                                                                                                                                                                                                                                                • String ID: 2001:db8::1428:57ab$4.2.2.1
                                                                                                                                                                                                                                                • API String ID: 4228498846-2965112811
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed; entry block 463912-463932)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • socket.WS2_32(00000002,00000002,00000000), ref: 00463927
                                                                                                                                                                                                                                                • WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,?,00000000,00000000), ref: 0046394E
                                                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 00463958
                                                                                                                                                                                                                                                • htonl.WS2_32(00000000), ref: 0046397C
                                                                                                                                                                                                                                                  • Part of subcall function 004636FB: htonl.WS2_32(?), ref: 0046370B
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004639A7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl$Ioctlclosesocketsocket
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3500403049-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed; entry block 436934-436942)
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: #.'f$router.bittorrent.com$router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 613200358-4259993299
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(TCP), ref: 0049B9C1
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0049B9E1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                                • String ID: TCP$UDP
                                                                                                                                                                                                                                                • API String ID: 344208780-1097902612
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAEnumNetworkEvents.WS2_32(?,00000000,?), ref: 0046B6D9
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0046B6E9
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0046B6F8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • WSAEnumNetworkEvents error (%d), xrefs: 0046B6EC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast$EnumEventsNetwork
                                                                                                                                                                                                                                                • String ID: WSAEnumNetworkEvents error (%d)
                                                                                                                                                                                                                                                • API String ID: 2729671098-4106604955
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3511525774-3354682871
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(74DF20B0,74DEE010,00000000,00000000,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1D61
                                                                                                                                                                                                                                                • memcpy.MSVCRT ref: 004A1D7E
                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(0043E8D8,00000000,?,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1DD9
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0043E8D8,?,?,?,?,00000000,?,?,?), ref: 004A1DE3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectorymemcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2096187785-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00002710), ref: 0043C965
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000007D0), ref: 0043C97D
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000007D0), ref: 0043C995
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000104), ref: 0043C9A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ObjectSingleWait$ErrorLastSleep
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 175909130-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 0049BF56
                                                                                                                                                                                                                                                • sendto.WS2_32(?,M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3,00000062,00000000,?,00000010), ref: 0049BF71
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3, xrefs: 0049BF69
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonlsendto
                                                                                                                                                                                                                                                • String ID: M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3
                                                                                                                                                                                                                                                • API String ID: 2860686779-4192374792
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004631B6: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,00463660,?,00000000), ref: 004631CB
                                                                                                                                                                                                                                                • gethostname.WS2_32(?,00000100), ref: 004636AB
                                                                                                                                                                                                                                                • gethostbyname.WS2_32(?), ref: 004636B8
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004636DE
                                                                                                                                                                                                                                                  • Part of subcall function 004635B9: inet_addr.WS2_32(4.2.2.1), ref: 004635DF
                                                                                                                                                                                                                                                  • Part of subcall function 004635B9: GetBestInterface.IPHLPAPI(?,00000002), ref: 004635F1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BestInterfaceLibraryLoadgethostbynamegethostnamehtonlinet_addr
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 870949326-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@memset
                                                                                                                                                                                                                                                • String ID: #.'f
                                                                                                                                                                                                                                                • API String ID: 1035511824-3741631022
                                                                                                                                                                                                                                                • Opcode ID: 30a3d2f89a7caa865fd6d922b947b551d7b5527fdcccbc8e6259a835829bb315
                                                                                                                                                                                                                                                • Instruction ID: 406aeda43e4087c19214367ffc0543695ef3f9773f3e77bb021fb0b65030e802
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30a3d2f89a7caa865fd6d922b947b551d7b5527fdcccbc8e6259a835829bb315
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67114CB5A002049FCB54DF6AD8C0A8A77E8EF88315F10507AFC09DB356D7B8E910CBA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0043C5FF: CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,dtfun,00000000,00000000,Function_0008C9EB,?,00000000,00000000,Function_0008C9EB,?,0048CAE7,00000000,0048FFC2,00000000,?,00000000), ref: 004A0293
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                • String ID: dtfun
                                                                                                                                                                                                                                                • API String ID: 4060959955-4208289573
                                                                                                                                                                                                                                                • Opcode ID: a79ba7a002634996a044ade0f96ad537304e6f7357a8c78a7e953160edb8a831
                                                                                                                                                                                                                                                • Instruction ID: 3a859a9764f2ee26bf13cf3d5224ec3f9d50903f0eec0341dcae3ee66a77da6c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a79ba7a002634996a044ade0f96ad537304e6f7357a8c78a7e953160edb8a831
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE0C2B0700308BFEB08DB91CC46F7F776CEB80B44F204019B501AA1C0C5B4BD008728
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAStringToAddressA.WS2_32(::1,00000017,00000000,?,00000000), ref: 004634EC
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressString
                                                                                                                                                                                                                                                • String ID: ::1
                                                                                                                                                                                                                                                • API String ID: 2549180374-2731173655
                                                                                                                                                                                                                                                • Opcode ID: 5b192d23ffd3767ce52e6c2f8d1d14e82d8ac69836afb2ddbe79c604c95634fe
                                                                                                                                                                                                                                                • Instruction ID: c79226f0552495f82b46b9b86d0d3999752a6e966b791dbc1ede1ff3bd360510
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b192d23ffd3767ce52e6c2f8d1d14e82d8ac69836afb2ddbe79c604c95634fe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD0C27520010DABD710A7E09C47BEE32A86F04704F600262A2A1E60C1EAB09A085B14
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00442A06: RegCloseKey.KERNEL32(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0), ref: 00443BEF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                • String ID: Software\Wine
                                                                                                                                                                                                                                                • API String ID: 47109696-669380751
                                                                                                                                                                                                                                                • Opcode ID: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction ID: 27eb3eee8b7a423b2ae2d0062fb25aff889c2060e01e461cfa5658acbba1d7d5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D02232058231AAC730AF309C00F8B7E94EFA5740F00092AB041A00B1C1A2C81697A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004631B6: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,00463660,?,00000000), ref: 004631CB
                                                                                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000008,00000000,00000000,00000000,00000000,?,?,?,?,0049D708,00000000,?,00000000), ref: 004639F0
                                                                                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000008,00000000,00000000,00000000), ref: 00463A0B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AdaptersAddresses$LibraryLoad
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 328978198-0
                                                                                                                                                                                                                                                • Opcode ID: 9bd82e50bc3539613ffb25d8a5a47435c3fc132d68e9977478a62323197e9759
                                                                                                                                                                                                                                                • Instruction ID: cb2653885229bf2e0cb19541a2972f308d63a558faef6637b40fb2df48d88354
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bd82e50bc3539613ffb25d8a5a47435c3fc132d68e9977478a62323197e9759
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5210431A40244ABCB24DF95C881FBEB3B99B50704F14405EE9416B391FA78AF01A75A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                • Opcode ID: aed804886c0c901c2cbc7e72088bf5850927e947ebdb5d0f6f587539e1148540
                                                                                                                                                                                                                                                • Instruction ID: db61aecf8e1706f7fd255cdc1c82c8ee31a1c7d84fb4cf551ad39dba11242865
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aed804886c0c901c2cbc7e72088bf5850927e947ebdb5d0f6f587539e1148540
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AF0A033648131128A2A551EB8247BF43894BD5BB6F16422FE844D6340FE4C8C4351EE
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CleanupStartup
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 915672949-0
                                                                                                                                                                                                                                                • Opcode ID: e0220b2fd626ff9b64334ce4e264a1ace05ab9cde47feb97523b81cb4f6f356d
                                                                                                                                                                                                                                                • Instruction ID: e0b133222fb4041eff9e7a3b681a7da404ee6f4910e335aa90da5fdb24dd8136
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0220b2fd626ff9b64334ce4e264a1ace05ab9cde47feb97523b81cb4f6f356d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91E09B7060016C9DDB2157A97C8A3FA37996765308F800097E455C6293D55498869A2A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • socket.WS2_32(00000010,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                • setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: setsockoptsocket
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2787935680-0
                                                                                                                                                                                                                                                • Opcode ID: dbd1132c2e6c5e464c3812f9408ecac38e84d011c2df8cb2bc7d8b014e1e50f5
                                                                                                                                                                                                                                                • Instruction ID: 87124c9216b6eef7230325fccb442c2cbe8ca0c43b9daed24e0ed669da34f225
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbd1132c2e6c5e464c3812f9408ecac38e84d011c2df8cb2bc7d8b014e1e50f5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94E0E570500318BFDB10AF90CC49AAE3F64EB08360F008516FA1D4F2D1E7714950C796
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000008,00000000,00000000,00000000,00000000,004A1C2D,00000000,?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A0D62
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0041327C,01000000,00000000,00000008,00000000), ref: 004A0D6C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1948546556-0
                                                                                                                                                                                                                                                • Opcode ID: 26c2956b3bc82baf08e951642dab21b1dfa9a8331bbb2650d28e4c0fe5735f54
                                                                                                                                                                                                                                                • Instruction ID: 0a58c092d93984f038659167eabc7761f705d6155625602c9bc221b7d2791f6f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26c2956b3bc82baf08e951642dab21b1dfa9a8331bbb2650d28e4c0fe5735f54
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07E0ECB2264109BFEB04DFA5CC46EAA7BACEB11744F104225B605C5190D679EA4096A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 0046F8EB
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressErrorInitializeLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: oleaut32.dll
                                                                                                                                                                                                                                                • API String ID: 3908964974-552348730
                                                                                                                                                                                                                                                • Opcode ID: 9064eb4be3adec14665cda551d832db416ad98ca47d20cc4ceed48a11b1a965a
                                                                                                                                                                                                                                                • Instruction ID: 905b6a530db0b0eda1b8323638ff57bb7c2948d01f073c5d0d1d96081b661064
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9064eb4be3adec14665cda551d832db416ad98ca47d20cc4ceed48a11b1a965a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46D0122C6C410057EE0026D678153AB2681679270EF4180A6F6461F7D4D7E90809AE56
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@memcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1754960329-0
                                                                                                                                                                                                                                                • Opcode ID: 8d66e63ed1b71f0297ab4be216d281742fface0d1f83b6ba63d587f5a8556666
                                                                                                                                                                                                                                                • Instruction ID: c3e016df28e33a02df51b2dce98da6928ebad199ea3281aaf19f331a1cf577a7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d66e63ed1b71f0297ab4be216d281742fface0d1f83b6ba63d587f5a8556666
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57119A72500609AFCF249F69D8818AA3FA0FF08364B10412EFD458B252DB39DD60DFA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                • GlobalMemoryStatus.KERNEL32(?), ref: 00437E32
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$GlobalLeaveMemoryStatus
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2385593929-0
                                                                                                                                                                                                                                                • Opcode ID: 0f889d4424f0f4fa6c30808fa23939813edeb32311a1d51edeeb6511d1c03f79
                                                                                                                                                                                                                                                • Instruction ID: f85bd123434733c25020c2e3ba2bee98d5577a5ee30d0ab73d08c649150803da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f889d4424f0f4fa6c30808fa23939813edeb32311a1d51edeeb6511d1c03f79
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 866104B5E041609FDB28DF39DC819B97BA9EB5A30CF85816FF040D7320D6788C49AB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 536389180-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2009864989-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00499509: setsockopt.WS2_32(?,00000000,0000000E,?,00000004), ref: 00499530
                                                                                                                                                                                                                                                • sendto.WS2_32(?,004345C9,?,00000000,?,00000000), ref: 004998A1
                                                                                                                                                                                                                                                  • Part of subcall function 00499673: htons.WS2_32 ref: 004996A7
                                                                                                                                                                                                                                                  • Part of subcall function 00499673: memcpy.MSVCRT ref: 004996E2
                                                                                                                                                                                                                                                  • Part of subcall function 00499673: WSASendTo.WS2_32(?,?,00000002,00000000,00000000,?,?,00000000,00000000), ref: 0049978D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Sendhtonsmemcpysendtosetsockopt
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2127132522-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostMessageW.USER32(74DF30D0,00008031,00000000,00000000), ref: 0043C10A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00468618: ??3@YAXPAX@Z.MSVCRT ref: 00468619
                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0044BFE8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@CloseHandleInternet
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4067462739-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,00008000,00000000,00000000,00000030,00000000,00000000,00000000,0044C067,00000080,00000000,004879A0,0044C623,?,?), ref: 0046FCCB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004367CF
                                                                                                                                                                                                                                                  • Part of subcall function 00487E9B: htonl.WS2_32(6F), ref: 00487EB8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2009864989-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAWaitForMultipleEvents.WS2_32(00000040,00543998,00000000,00000000,00000000,00000000,0046F3F0), ref: 0046F32A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EventsMultipleWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1423513418-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000,0049FD2C,00459105,?), ref: 0046FA31
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2009864989-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAEventSelect.WS2_32(000000FF,00000000,0046C4E2), ref: 0046B6B7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EventSelect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 31538577-0
                                                                                                                                                                                                                                                • Opcode ID: f86917e3cf9e45f6a7b0f956d91ed14e9fefea9c8f5cc0b0c888f408126408d6
                                                                                                                                                                                                                                                • Instruction ID: e218ad44391875df7bcc2c7c28d020dbaa0d4c46a7a2be8c0deb488ee4c4aa13
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f86917e3cf9e45f6a7b0f956d91ed14e9fefea9c8f5cc0b0c888f408126408d6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AC04C35004104EBCB029F45DD45905BBA1BB663087148459F0484A139D333C937FF45
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostMessageW.USER32(00008004,00000002,00000008,0041314E), ref: 004B166B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                                                                                • Opcode ID: 4751a5559e8e79a93ec7f62cf7eaf092ba977d66fe6058a9cbf76736a9c6618c
                                                                                                                                                                                                                                                • Instruction ID: a016b3f85c932d15cb04160304107afc2d3d06307f0581f5481a48de0fab8dc0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4751a5559e8e79a93ec7f62cf7eaf092ba977d66fe6058a9cbf76736a9c6618c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55A012B0000441FFFF401700ED09D253624E78070C700801472004407166600808DA18
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(00000000,00000000,00000003,00419371,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0046F967
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileMove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3562171763-0
                                                                                                                                                                                                                                                • Opcode ID: 62e678050b418ed3269c80eb1cc93f84927cf59ae1a752fe06cb702acdfe88ba
                                                                                                                                                                                                                                                • Instruction ID: 7d1c7d2fccbcf1fe70de56a0e2fbbc147d1f11a834c6aaf3b0a521b258906df2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62e678050b418ed3269c80eb1cc93f84927cf59ae1a752fe06cb702acdfe88ba
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0A002F0A502526AED395B22AE59F26292C97C0B01F00459872056809145A58600C925
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                                                • Opcode ID: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction ID: 45983b04791fe9f6fc8fa831eb551b49d8276c24a9f9c84740e241472f3aab43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9250c5c465fd37cdc3bd4612cf0d16f04d37af42fff6203653576c9b1180dd0a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                                                                • Opcode ID: d314c687748b0ff49ec5e07ec9b70e220d238a17258fa436978b2bffc5b358d4
                                                                                                                                                                                                                                                • Instruction ID: c962924b8edf1b0bb2182d2e0d31be5cc33ea7725b8d7eaa8c3172a4d43ae804
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d314c687748b0ff49ec5e07ec9b70e220d238a17258fa436978b2bffc5b358d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27218071F00706AFDB14DF6AC888A6AB7A9FF44314B04853FE8158B611E7B4EC51CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                  • Part of subcall function 004A0163: Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                • malloc.MSVCRT ref: 00468643
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseExchangeHandleInterlockedSleepmalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2802248930-0
                                                                                                                                                                                                                                                • Opcode ID: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction ID: 2b6c4b89c3469657e212f24c2f23ca41b30995d4b04d1fd0ab1d710b86758c96
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30639cc934b31972bedbd8304a6321d20bcbef8f0aa1c8a81737a1a473a42ad3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68D09E3261553102DA66662DB9147DF13840B557A5F05425FE844D6741EF4C8D4351DD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 77b282f096bfa251bfb8414036703c2fa9c1d664324f6931636b6d31c6d16704
                                                                                                                                                                                                                                                • Instruction ID: c2f1fd858a2a5564e36f665f0ac346a20fae99fcdf4db3b0624cf542310b8fc5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77b282f096bfa251bfb8414036703c2fa9c1d664324f6931636b6d31c6d16704
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE124B5D0020A9FCB04DFA9C985BEEBBB4FB08304F10412AE955B7391D739A941DF99
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptAcquireContextW.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000020,00000000,00000000,00000000,oV,004DEBA5,-00000050,-00000050,004EB083,-00000050), ref: 004DEB51
                                                                                                                                                                                                                                                • CryptAcquireContextW.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000028), ref: 004DEB64
                                                                                                                                                                                                                                                • CryptGenRandom.ADVAPI32(00000000,?,?), ref: 004DEB7A
                                                                                                                                                                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 004DEB8A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Crypt$Context$Acquire$RandomRelease
                                                                                                                                                                                                                                                • String ID: Microsoft Base Cryptographic Provider v1.0$oV
                                                                                                                                                                                                                                                • API String ID: 685801729-3820232707
                                                                                                                                                                                                                                                • Opcode ID: f3daa506dbcfa04b64c6c9e2ce20fa6b22eed1733c00750220947cecd440a3a9
                                                                                                                                                                                                                                                • Instruction ID: 18e72ad294997c69dd75142d39f90844a1a83556541f57a08e0fdf808d870bf1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3daa506dbcfa04b64c6c9e2ce20fa6b22eed1733c00750220947cecd440a3a9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDF0A436940224F7EF20E652CD45F8F7B6CEB45711F100023F901BA251D6B8BE4097A8
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F342
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F36F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000019,?,?,?,?,?,?,?,?,?,?,?,0046F4F1), ref: 0046F384
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F3A5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                                                                                • String ID: #.'f
                                                                                                                                                                                                                                                • API String ID: 4250438611-3741631022
                                                                                                                                                                                                                                                • Opcode ID: 51a51a2bff8103546129479b94ceabf9b5e2f45b04961970e68dd785c2616d27
                                                                                                                                                                                                                                                • Instruction ID: fea66f8f8180269b15010c85c1ca9a3a1de86c56fec6988f8bb0eb06049ebec8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51a51a2bff8103546129479b94ceabf9b5e2f45b04961970e68dd785c2616d27
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9418C719083419FD714EF26E49526EB7E5AFA5308F00442FF4C587262EB3C8989CB9B
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: #.'f$Sending Piece %d:%d->%d
                                                                                                                                                                                                                                                • API String ID: 613200358-2282514626
                                                                                                                                                                                                                                                • Opcode ID: d0d20003c8fc5901171833b14badd352a7b3d7770425905f26e42e3f7861c08f
                                                                                                                                                                                                                                                • Instruction ID: 5f4faa352674cdac14e8201e27559bdb7c822b9943f894496aa6f1a749fef33d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0d20003c8fc5901171833b14badd352a7b3d7770425905f26e42e3f7861c08f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6781B3357042409FC719DF29C884BEABBE2AF96304F09C15EF88D4B3A2C774A954CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00544B18,004EF29C,00000000), ref: 004700B9
                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?,00000004), ref: 004700F9
                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00470104
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                • API String ID: 3541575487-438819550
                                                                                                                                                                                                                                                • Opcode ID: 32b92a82d505ef089d9ebc9930af23b12624a91301d77dd780cdeb379ea08e46
                                                                                                                                                                                                                                                • Instruction ID: aa35c6390894ad874ec2c967b33fe34b7225816b04e8cdad2c5e82b4bb56f28e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32b92a82d505ef089d9ebc9930af23b12624a91301d77dd780cdeb379ea08e46
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34116F72A00144EBCB00EFB5ECC49EFB779EF94314F10457AE605D7251EA348E408758
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00469300: GetSystemTime.KERNEL32(0041FA44,0041FA44,UDP), ref: 0046930A
                                                                                                                                                                                                                                                • __aulldiv.LIBCMT ref: 0040C838
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: SystemTime__aulldiv
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2292737093-0
                                                                                                                                                                                                                                                • Opcode ID: ae9ec6fecf141e6368024c0ca9dc3246b81384f19d1abf27cb06f564cfca6f0d
                                                                                                                                                                                                                                                • Instruction ID: b365c76e1ce1324c385484e9a8790d80150b24e60dafc2b98362126fe80f1823
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae9ec6fecf141e6368024c0ca9dc3246b81384f19d1abf27cb06f564cfca6f0d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31C17B71A0060ADBCB24DF64C4D17EEB7B1BB85309F24863ED566B3381D7786941CB88
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00F32C08,?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EB81
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EBAF
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EBDD
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00490A33,00000000,?,00000000), ref: 0048EC0B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                                                                • Opcode ID: 248f299ea3c1fc5edfe3c6c5a132708a0c5ec646d43e2ca7812668589be4a1b2
                                                                                                                                                                                                                                                • Instruction ID: 22382d23e3f1dee66abb85dc24256163962d1deba5d996082dd34d4843de8b77
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 248f299ea3c1fc5edfe3c6c5a132708a0c5ec646d43e2ca7812668589be4a1b2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59C1D274D006558BCF21EFA684813FEBBF1AF5A318F04086FD891A7392C7386946DB59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,00000000,?,?,00000000,?,?,?,?,?,?,?,0048F99D), ref: 00485D11
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00485D51
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExitProcessSleep
                                                                                                                                                                                                                                                • String ID: 2
                                                                                                                                                                                                                                                • API String ID: 911557368-450215437
                                                                                                                                                                                                                                                • Opcode ID: 39f34446d22ec326b57d767dfb026a072816e323d35113b3fb4725a0d539a389
                                                                                                                                                                                                                                                • Instruction ID: 1e74e678029975763cf443ba36e53f29e99993154fd68a07d0067479457cb367
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39f34446d22ec326b57d767dfb026a072816e323d35113b3fb4725a0d539a389
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D016D32D001149BCB017B6A9C8D6EEB7F99B4530CF14483FE802A71A2DB7E5D45936D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$_strnicmp$atoimemchrstrrchr
                                                                                                                                                                                                                                                • String ID: btresource$btresource://$feed://$http$http://$https$https://$udp$udp://
                                                                                                                                                                                                                                                • API String ID: 1133942460-3240269518
                                                                                                                                                                                                                                                • Opcode ID: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction ID: cdd5ddbc0b9aae4ea69e7fb306770d04e13e0400ceef37cc916ed79a2789f378
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc7268ee4de8c7e1b43488ab89e402f79f3807005c75049703a00ef3bc623509
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD612371601301DBDB24AE36C885BAB77E5AF90348F10882FE54A87382EB7CE9458759
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,00463660,?,00000000), ref: 004631CB
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 004631ED
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32 ref: 004631FE
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIfTable), ref: 00463217
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIfEntry), ref: 0046322D
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetBestInterface), ref: 00463243
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetBestInterfaceEx), ref: 00463259
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetIpAddrTable), ref: 0046326B
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetAdaptersAddresses), ref: 00463281
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetExtendedTcpTable), ref: 00463293
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                                                • String ID: GetAdaptersAddresses$GetAdaptersInfo$GetBestInterface$GetBestInterfaceEx$GetExtendedTcpTable$GetIfEntry$GetIfTable$GetIpAddrTable$Iphlpapi.dll
                                                                                                                                                                                                                                                • API String ID: 2449869053-1750937965
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(TCP), ref: 0049B6A2
                                                                                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0049B705
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B744
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B761
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0049B783
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0049B792
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B7D3
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B814
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0049B853
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(TCP), ref: 0049B86C
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B8CA
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B8DC
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B8EA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Free$Alloc$_wcsicmp
                                                                                                                                                                                                                                                • String ID: %s (%s)$BitTorrent$TCP$UDP$UDP
                                                                                                                                                                                                                                                • API String ID: 779089844-471818456
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: atof
                                                                                                                                                                                                                                                • String ID: Qv@$bframes$bufsize$coder0$crf$flags2$fps$level$partitions$video_bitrate$video_codec$video_maxrate$video_x$video_y$vprofile$x264opts
                                                                                                                                                                                                                                                • API String ID: 3079814387-455623075
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004DCF54
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004DCF8D
                                                                                                                                                                                                                                                  • Part of subcall function 004A227F: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,?,004DD0D1,00533C88), ref: 004A229D
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 004DCFE5
                                                                                                                                                                                                                                                • IsBadHugeReadPtr.KERNEL32(?,00000004), ref: 004DD031
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 004DD085
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$CountHandleHugeModuleProcessReadThreadTickVersion
                                                                                                                                                                                                                                                • String ID: %.X,$&bs=%.8X$&bt=%ld$&dlls=%s$&ec=%.8X&ea=%.8X&eip=%.8X&ebx=%.8X$&os=%d.%d.%d.%d.%s$&st=$&tid=$ut=%ld
                                                                                                                                                                                                                                                • API String ID: 8213651-954767211
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Versionstrncpy
                                                                                                                                                                                                                                                • String ID: &%s$h=%s$ht=%d$http://update.utorrent.com/hang.php$li=%s$p=%s$seq=%u$svp=%d$v=%d$ver=%d$w=%X
                                                                                                                                                                                                                                                • API String ID: 2163809175-2218507491
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1033339047-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _wcsncoll.MSVCRT ref: 0048CC1E
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CC54
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CD0B
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0048CD3F
                                                                                                                                                                                                                                                • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0048CD96
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@$Ioctl_wcsncoll
                                                                                                                                                                                                                                                • String ID: 0u$Error contacting WebUI proxy service: %s$Got proxy service response (%S:%d, %Ld bytes): %S$HTTP Error $HTTP Error 400$HTTP Error 401$failed to turn on keep alive
                                                                                                                                                                                                                                                • API String ID: 159552296-3902049313
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@$??3@wcschrwcsrchr
                                                                                                                                                                                                                                                • String ID: #.'f$%.*S/scrape%S%cinfo_hash=%.20U$&info_hash=%.20U$/announce$BitTorrent/7600
                                                                                                                                                                                                                                                • API String ID: 3218169405-4058105131
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A0454
                                                                                                                                                                                                                                                  • Part of subcall function 004A03C0: memcpy.MSVCRT ref: 004A047F
                                                                                                                                                                                                                                                  • Part of subcall function 0046FA30: GetFileAttributesW.KERNEL32(00000000,0049FD2C,00459105,?), ref: 0046FA31
                                                                                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0043E7A5
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E7EC
                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,?,?,00000000,?,?,?), ref: 0043E835
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E851
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E853
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E8B2
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E8BE
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E8EE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0043E8F4
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 0043E90E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Move$ErrorLast$memcpy$AttributesDelete_wcsicmp
                                                                                                                                                                                                                                                • String ID: %s.%d
                                                                                                                                                                                                                                                • API String ID: 940425504-645285463
                                                                                                                                                                                                                                                • Opcode ID: 0ab2aa731cd9938ca66662f28a647c4d77490839c85494c0c8250ea450ed00e7
                                                                                                                                                                                                                                                • Instruction ID: f9c3ce455520bba9c89b8d2d7facff33c281368b404bffff98556226040d4a41
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ab2aa731cd9938ca66662f28a647c4d77490839c85494c0c8250ea450ed00e7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94613375D001059BDF09FBB2DC52AEF77A4EE54304F10096EA812A3192EF399B05C798
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00100C01,00000000,?,linebuf,00000000,suspend,00000000,trnoff,00000000,00000000,00000000,trnfile,00000000,00000000,00000000,tmpfile), ref: 00496E7B
                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00496E9D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFileOpenProcess
                                                                                                                                                                                                                                                • String ID: cmdline$dstfile$linebuf$pid$srcfile$suspend$tmpfile$trnfile$trnoff
                                                                                                                                                                                                                                                • API String ID: 2556342475-2164493119
                                                                                                                                                                                                                                                • Opcode ID: a1366de14fb43d98faee47bde06e8758a6bc3ee759a58c13ab7f7d36257b627b
                                                                                                                                                                                                                                                • Instruction ID: a163d2766a1855303273f2c94875818916274111adbc1227ecbe0e351f1d4803
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1366de14fb43d98faee47bde06e8758a6bc3ee759a58c13ab7f7d36257b627b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6418E71640744AEE624FF22CD92D7BB7ADFB54308700492EB083965D2DB78BD04CBA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: socket.WS2_32(00000010,00000000,00000000), ref: 0046DA69
                                                                                                                                                                                                                                                  • Part of subcall function 0046DA5A: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0046DA8F
                                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(00000001,00000000,00000002,00000002,00000000,00000001,-00544B48,00000000,?,?,?,?,?,?,00468E0C,-00544B48), ref: 00468C22
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00000004,-0054497E,00000004), ref: 00468C4C
                                                                                                                                                                                                                                                • inet_addr.WS2_32(239.192.0.0), ref: 00468C73
                                                                                                                                                                                                                                                • inet_addr.WS2_32(0.0.0.0), ref: 00468C7D
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000C,00468E0C,00000008), ref: 00468C8F
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000009,00000000,00000004), ref: 00468CAB
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000B,-0054497E,00000004), ref: 00468CC9
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,00000004,00000001,00000004), ref: 00468CE8
                                                                                                                                                                                                                                                • setsockopt.WS2_32(?,00000000,0000000A,00000001,00000004), ref: 00468D02
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: setsockopt$inet_addr$ErrorLastsocket
                                                                                                                                                                                                                                                • String ID: 0.0.0.0$239.192.0.0
                                                                                                                                                                                                                                                • API String ID: 950758509-1367888843
                                                                                                                                                                                                                                                • Opcode ID: f848103a89d65f7e56b120bab142ba39e0f5d68a851f1c50a175e0adbf2ed5a8
                                                                                                                                                                                                                                                • Instruction ID: 4218bc0ad668cd8a2342fbec375fc4219a67f0a53775197e38e59b7a1fb5e753
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f848103a89d65f7e56b120bab142ba39e0f5d68a851f1c50a175e0adbf2ed5a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD318371640305BAEB20EBA18D92FBF77B9AF44B00F10055AF711BA1C1EBB49E059769
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastatoimemcpystrrchr$strchr
                                                                                                                                                                                                                                                • String ID: 2001:db8::1428:57ab
                                                                                                                                                                                                                                                • API String ID: 851569736-1146639024
                                                                                                                                                                                                                                                • Opcode ID: edec1e715af1809300570120b7f428a6986cc9d4e09666e04049ea5dc0d72e68
                                                                                                                                                                                                                                                • Instruction ID: 240f160c97137202f31b8aa7b6721395ff0cf29bd463998150633fe47406128c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edec1e715af1809300570120b7f428a6986cc9d4e09666e04049ea5dc0d72e68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E610771904648AECF12FFA5C880AEF7BA59F01314F04499FF901AB242DF7D9A46C799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(urn:schemas-upnp-org:device:InternetGatewayDevice:1), ref: 0049B41E
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0049B48E
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0049B4BB
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B509
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B53B
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B56D
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0049B59F
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0049B5CE
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • urn:schemas-upnp-org:device:InternetGatewayDevice:1, xrefs: 0049B419
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Free$Variant$AllocClearInit
                                                                                                                                                                                                                                                • String ID: urn:schemas-upnp-org:device:InternetGatewayDevice:1
                                                                                                                                                                                                                                                • API String ID: 3564436086-1940194930
                                                                                                                                                                                                                                                • Opcode ID: f966d26a215b8f7f45dd3307cabbe71710d0ab77ca42b3f089fe004b8a7e5544
                                                                                                                                                                                                                                                • Instruction ID: b9edcc2499a6a281bbc068f8fa2c5c0437b7a7237aea7eaaa1cf774e00e721e5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f966d26a215b8f7f45dd3307cabbe71710d0ab77ca42b3f089fe004b8a7e5544
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8612E74A00205BFCF00EFA5D949EAEBBB9EF88718B14446AF401E7250DB74DE01CBA5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00458482
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0045848A
                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004584EB
                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,00458F29,00000000,?,00000000,00000000,00459105,?), ref: 00458501
                                                                                                                                                                                                                                                • StgCreateDocfile.OLE32(00000000,04001012,00000000,00000000,?,?,?,?,00458F29,00000000,?,00000000,00000000,00459105,?), ref: 00458535
                                                                                                                                                                                                                                                • OleCreate.OLE32(00524010,00524020,00000001,00000000,00000000,?,00000000), ref: 0045857C
                                                                                                                                                                                                                                                • OleSetContainedObject.OLE32(?,00000001), ref: 0045858A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Create$??2@ContainedDirectoryDocfileInitializeObjectParent
                                                                                                                                                                                                                                                • String ID: ie\ie$tmp
                                                                                                                                                                                                                                                • API String ID: 3018698163-3898619089
                                                                                                                                                                                                                                                • Opcode ID: b4409e468c90bb60a2c5aedbe2eb4931eb2cbc6dbb470be8254bb1d2a8322bf9
                                                                                                                                                                                                                                                • Instruction ID: cb623a7f9114889e7abc462f91fa8c4da459a20374c171b8b77f84b8215ae75f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4409e468c90bb60a2c5aedbe2eb4931eb2cbc6dbb470be8254bb1d2a8322bf9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4541D770200205ABDB109B22C895F6A7BE9EF48305F10452EBD469B293DF78EC49CB68
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strstr
                                                                                                                                                                                                                                                • String ID: Duration:$Error$Input $Output $Stream #$frame$time=
                                                                                                                                                                                                                                                • API String ID: 1392478783-2086738423
                                                                                                                                                                                                                                                • Opcode ID: ce938f767852e8eead72bc2141708f0bdf72bfa84c10d6e6c84f50bac6e74909
                                                                                                                                                                                                                                                • Instruction ID: 521a0e7222190624d769c6853d37a24366d7a532b9ac6f76748d0751d377b7a5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce938f767852e8eead72bc2141708f0bdf72bfa84c10d6e6c84f50bac6e74909
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8011A08170425216DE2836339D26A3E025A8F85769F244D2FF6439F7C3DF9CC852938E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,00544B18,00000000), ref: 0041106D
                                                                                                                                                                                                                                                  • Part of subcall function 00408F9C: ??3@YAXPAX@Z.MSVCRT ref: 00408FE2
                                                                                                                                                                                                                                                  • Part of subcall function 00468618: ??3@YAXPAX@Z.MSVCRT ref: 00468619
                                                                                                                                                                                                                                                  • Part of subcall function 004263C5: ??3@YAXPAX@Z.MSVCRT ref: 004263E2
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,00544B18,00000000), ref: 00411089
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00411158
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004112B8
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004112D0
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004112E8
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041141C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@$ErrorLast
                                                                                                                                                                                                                                                • String ID: Ky@
                                                                                                                                                                                                                                                • API String ID: 1327704363-196032540
                                                                                                                                                                                                                                                • Opcode ID: 3b3dddb40bf3794dfb3f06bc33ffb48ea60dac46d38a3dbb60f16daee2b5f9a8
                                                                                                                                                                                                                                                • Instruction ID: 67d8fa174e360dbfdd1087f8453543d6d700b71c7670f415fa509b602321425d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b3dddb40bf3794dfb3f06bc33ffb48ea60dac46d38a3dbb60f16daee2b5f9a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55B11F345016018FC724FF75C895AEEB3A2BF94308F50086FE1AA572A2DF797985CB49
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: #.'f$HTTP Error 404$complete$downloaded$failure reason$files$incomplete
                                                                                                                                                                                                                                                • API String ID: 613200358-3294464263
                                                                                                                                                                                                                                                • Opcode ID: 97e0231bce84830faddfacf0e5b2c3c19c969f00e343f3e2a89fd091ea244294
                                                                                                                                                                                                                                                • Instruction ID: 3260d03068b2ce0c2dbe020dcc7666d18bc8acfd71d272aef054e7315d4c68ed
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97e0231bce84830faddfacf0e5b2c3c19c969f00e343f3e2a89fd091ea244294
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7981B374A002499FCB14FF69C9C19AEB3B1FF44304B20486FE552AB752C778E9A4CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,004DD12F,?,?,000007D0), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(kernel32.dll), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,OpenThread), ref: 004A1101
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0046688D
                                                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F02), ref: 00466978
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00466A4B
                                                                                                                                                                                                                                                • SetWindowsHookExW.USER32(00000005,004667A3,00000000,00000000), ref: 00466A5B
                                                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,00000000,?), ref: 00466A81
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load$AddressCurrentHandleHookIconLibraryMessageModuleProcThreadWindowsmemset
                                                                                                                                                                                                                                                • String ID: O$TaskDialogIndirect$comctl32.dll
                                                                                                                                                                                                                                                • API String ID: 1534884872-2564272669
                                                                                                                                                                                                                                                • Opcode ID: 744483c9c593243ee22e19c5e29aaa9b799ff0036687596dc7f201e8e8f93c40
                                                                                                                                                                                                                                                • Instruction ID: a10edd38a9d2eb6df87fcae37208367f1d724933d29a51aa49b4adc189d5ee1f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 744483c9c593243ee22e19c5e29aaa9b799ff0036687596dc7f201e8e8f93c40
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E8180B19003499FDB20CF59C8457AA7BE4EF41304F15802BED459B391E778DA88DF5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountInfoInputLastTick
                                                                                                                                                                                                                                                • String ID: dwmapi.dll
                                                                                                                                                                                                                                                • API String ID: 3478931382-3558095503
                                                                                                                                                                                                                                                • Opcode ID: ba9656d80d84fbdbd107dad03ab01aed3ae01f6729b0858bd2b85d8e4e0287e8
                                                                                                                                                                                                                                                • Instruction ID: 5010aca74c4e042f762bf4af03c4e4a7c69d5483f250aa58af498bbb66e3a902
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba9656d80d84fbdbd107dad03ab01aed3ae01f6729b0858bd2b85d8e4e0287e8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC310B31C00304BBCF10AFE5C8854AE7BA9ABA7344F14087FE502A7272D6398D85D75A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000800B,00000001,00000000), ref: 004B4E3A
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000800B,00000000,00000000), ref: 004B4E64
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,SetThreadExecutionState,?,?,?,?,00490A29,00000000,?,00000000), ref: 004B4EAA
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004B4EB1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePost$AddressHandleModuleProc
                                                                                                                                                                                                                                                • String ID: SetThreadExecutionState$kernel32
                                                                                                                                                                                                                                                • API String ID: 835053856-1433392259
                                                                                                                                                                                                                                                • Opcode ID: 119df59a956db84edcae70879b9dbeca1e42665b33f4f873764936a1cd780b81
                                                                                                                                                                                                                                                • Instruction ID: 5687453806633fe2ca95aa5469e81f019cbc3839e8deb6d1f24e1fc337897fce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 119df59a956db84edcae70879b9dbeca1e42665b33f4f873764936a1cd780b81
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBE19038605B41CFD7108F22FD946A27BF4FBA6708B104469D486976B2D334D9A8EF1D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: .$0$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                • API String ID: 1302938615-1972522466
                                                                                                                                                                                                                                                • Opcode ID: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction ID: 9716e8dec98437b2217b9bca5fa46e83075923f0a355f7c321471b3f34fc467b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b341c2f74c1d21e06985e9da8370495a356a94033cecccf16d46963afb04a078
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC5109B0104B895AEF15BEA98885BFF7B95AB15348F1C485FED4187381C3BC8D45C359
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046FA47: GetFileAttributesW.KERNEL32(00000000,0048F7BE), ref: 0046FA48
                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00544B18), ref: 0048F7E3
                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00544B18), ref: 0048F918
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Interlocked$AttributesDecrementFileIncrement
                                                                                                                                                                                                                                                • String ID: #.'f$%s\%s$*.dat$global_resume.dat
                                                                                                                                                                                                                                                • API String ID: 2532493672-1863533152
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00456DBF
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00456DD6
                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00008040,00000000,?), ref: 00456DEF
                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005,?,00008040,00000000,?), ref: 00456DFA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$AllocFreeMessagePostShowWindow
                                                                                                                                                                                                                                                • String ID: %c%S$%cport=%d&pair=%H
                                                                                                                                                                                                                                                • API String ID: 2571441716-2960563771
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID: 10.0.0.0$127.0.0.0$169.254.0.0$172.16.0.0$192.168.0.0
                                                                                                                                                                                                                                                • API String ID: 2009864989-708011033
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00458CD4
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00458CEB
                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00008040,00000000,?), ref: 00458D04
                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005,?,00008040,00000000,?,?,?), ref: 00458D0F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$AllocFreeMessagePostShowWindow
                                                                                                                                                                                                                                                • String ID: btresource://%H/index.html$text/html
                                                                                                                                                                                                                                                • API String ID: 2571441716-919014309
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,00540130), ref: 004A1E45
                                                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 004A1E64
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Format$DateTime
                                                                                                                                                                                                                                                • String ID: $%.2d:%.2d:%.2d$HH':'mm':'ss'$yyyy'-'MM'-'dd
                                                                                                                                                                                                                                                • API String ID: 2545834208-2972950147
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,004DD12F,?,?,000007D0), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(kernel32.dll), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,OpenThread), ref: 004A1101
                                                                                                                                                                                                                                                • SuspendThread.KERNEL32(00000000), ref: 004DD143
                                                                                                                                                                                                                                                • GetThreadContext.KERNEL32(00000000,00000000), ref: 004DD150
                                                                                                                                                                                                                                                  • Part of subcall function 004DCF1E: GetTickCount.KERNEL32 ref: 004DCF54
                                                                                                                                                                                                                                                  • Part of subcall function 004DCF1E: GetCurrentThreadId.KERNEL32 ref: 004DCF8D
                                                                                                                                                                                                                                                  • Part of subcall function 004DCF1E: GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 004DCFE5
                                                                                                                                                                                                                                                  • Part of subcall function 004DCF1E: IsBadHugeReadPtr.KERNEL32(?,00000004), ref: 004DD031
                                                                                                                                                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 004DD16A
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004DD171
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$Handle$Module$AddressCloseContextCountCurrentHugeLibraryLoadProcReadResumeSuspendTick
                                                                                                                                                                                                                                                • String ID: OpenThread$kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 3880078393-2329025857
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • <no message>, xrefs: 0041619D, 004161A2
                                                                                                                                                                                                                                                • WARNING: avoiding connecting to web seed because it's blocked by policy '%s', xrefs: 004161A3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@htonl
                                                                                                                                                                                                                                                • String ID: <no message>$WARNING: avoiding connecting to web seed because it's blocked by policy '%s'
                                                                                                                                                                                                                                                • API String ID: 757347809-2343564329
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000BB7,00000BB7,00000000,00000000,00000000,00000014,00000000,00000000,?,00000000,?,?), ref: 00496FF6
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 00497023
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 00497033
                                                                                                                                                                                                                                                • memmove.MSVCRT ref: 00497073
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 0049707B
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 0049708C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$FileReadmemmove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4120803536-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046B834: GetCurrentThreadId.KERNEL32 ref: 0046B844
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00450CD3
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(004575B4), ref: 00450CD9
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00450CDF
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00450CE3
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 00450D8A
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(004575B4), ref: 00450D94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$Init$Clear$??2@CurrentThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1710821300-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SafeArrayCreate.OLEAUT32(0000000C,00000001,0044F7B2), ref: 0044E864
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(0044F7B2), ref: 0044E874
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0044E892
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000008), ref: 0044E8A5
                                                                                                                                                                                                                                                • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 0044E8B9
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0044E8C3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$ArrayInitSafe$AllocClearCreateElementString
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2971685010-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E88,00000001), ref: 00438913
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E70,?), ref: 00438945
                                                                                                                                                                                                                                                  • Part of subcall function 004371DC: InterlockedExchangeAdd.KERNEL32(00542E14,00000004), ref: 004371EB
                                                                                                                                                                                                                                                  • Part of subcall function 004371DC: InterlockedExchangeAdd.KERNEL32(00542E10,00000001), ref: 004371F3
                                                                                                                                                                                                                                                • InterlockedExchangeAdd.KERNEL32(00542E78,?), ref: 0043895C
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00438A71
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExchangeInterlocked$CriticalSection$CurrentEnterThread$EventLeave
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1474584091-2416925532
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                • String ID: VBArray
                                                                                                                                                                                                                                                • API String ID: 2610073882-957783610
                                                                                                                                                                                                                                                • Opcode ID: f4fd36dc4586d5c380cf9fb5be24f8056aed767944a8f84d5284d458492cced2
                                                                                                                                                                                                                                                • Instruction ID: aea3850a8113dddd749b78de54e01201ac6f7472970218568017298b6dcd8256
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fd36dc4586d5c380cf9fb5be24f8056aed767944a8f84d5284d458492cced2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B41F6B1D01209AFDB04CFE9D8849EFBBB8EF49314F10852AE515E6250E774AA05CBA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041CA6C
                                                                                                                                                                                                                                                • PostMessageW.USER32(0000802F,00000000,00000000,badge), ref: 0041CB38
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041CB46
                                                                                                                                                                                                                                                  • Part of subcall function 004455E2: ??3@YAXPAX@Z.MSVCRT ref: 004455E8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@$MessagePost
                                                                                                                                                                                                                                                • String ID: badge$interval
                                                                                                                                                                                                                                                • API String ID: 160855325-2850146669
                                                                                                                                                                                                                                                • Opcode ID: 44eb5a4b4ebcd06c53e8886da7b70a91214b790aee22935ecc613378a32ce8ed
                                                                                                                                                                                                                                                • Instruction ID: 556e29b7fa2a4fe8ce7d74d6221d0e247c14f43490e0ecc49fedfb9395464ff8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44eb5a4b4ebcd06c53e8886da7b70a91214b790aee22935ecc613378a32ce8ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5931B0B1A40705AFCB20DF65EDC29AEBBF5EB04708B10442FE142E3741D778A984CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountTick
                                                                                                                                                                                                                                                • String ID: Invalid tracker URL.$UDP Trackers disabled.$>
                                                                                                                                                                                                                                                • API String ID: 1586335746-362377957
                                                                                                                                                                                                                                                • Opcode ID: 13015e868bf25280f8c1b4e1a40649242f06a40c780ac955b67b0e3180c732a2
                                                                                                                                                                                                                                                • Instruction ID: e012321285f1a9367b100574be3407be3b25622a498367b2f636e362245e8568
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13015e868bf25280f8c1b4e1a40649242f06a40c780ac955b67b0e3180c732a2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB21B475A001209BCF11EFA5BD52ABE7B64FB16708740043FE95267292DF7818199BCE
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonl
                                                                                                                                                                                                                                                • String ID: #.'f$Banned$Banned %A until %S$forever
                                                                                                                                                                                                                                                • API String ID: 2009864989-3889974686
                                                                                                                                                                                                                                                • Opcode ID: f9334c13b628d64199da44446376eda5c779bbfd747ee26af792384e2cc761bd
                                                                                                                                                                                                                                                • Instruction ID: f42a1fea6fa647b753fcabe0814e0cae93787c3972e73afe086f80f7264023ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9334c13b628d64199da44446376eda5c779bbfd747ee26af792384e2cc761bd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62219271200680ABCB14EB65C811AEB77E4AF15309F04852FE886A73D3DB7CAE04CB59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A140C
                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 004A142B
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,00000024), ref: 004A145F
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004A1479
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process32$AddressCloseCreateErrorFirstHandleLastLibraryLoadNextProcSnapshotToolhelp32
                                                                                                                                                                                                                                                • String ID: kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 3403904034-1793498882
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0041F936
                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0041F950
                                                                                                                                                                                                                                                • fflush.MSVCRT ref: 0041F95B
                                                                                                                                                                                                                                                  • Part of subcall function 004A1E16: GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,00540130), ref: 004A1E45
                                                                                                                                                                                                                                                  • Part of subcall function 004A1E16: GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 004A1E64
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Formatfprintf$DateTimefflush
                                                                                                                                                                                                                                                • String ID: %s$[%s] %s
                                                                                                                                                                                                                                                • API String ID: 3996786454-4130830515
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _strcmpi$strrchr
                                                                                                                                                                                                                                                • String ID: .com$.net
                                                                                                                                                                                                                                                • API String ID: 2110963804-1120753515
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll,00481270,00000000,00000000,004812D3,?,00437ED2,00000000,00000000,?,00000000,00000000,00000000,?,00000000,02000000), ref: 0048122D
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessMemoryInfo), ref: 00481245
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00437ED2,00000000,00000000,?,00000000,00000000,00000000,?,00000000,02000000,00000000), ref: 0048125A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                • String ID: GetProcessMemoryInfo$psapi.dll
                                                                                                                                                                                                                                                • API String ID: 145871493-3877371417
                                                                                                                                                                                                                                                • Opcode ID: 979c4ba91e33ca1f293a55bcfd4cd07d5bec2d4b0169749ce6c4f049da20f712
                                                                                                                                                                                                                                                • Instruction ID: f1024ab4f606c7efd3a33dc08c14bef4ad5908505bde8ef91d936ecfe9338d78
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 979c4ba91e33ca1f293a55bcfd4cd07d5bec2d4b0169749ce6c4f049da20f712
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FFE08678441302DACF042B66BC0879A7B68B72134AB8088B3E800D5271DB38C55BAF09
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,004DD12F,?,?,000007D0), ref: 004A10EA
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 004A10F5
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,OpenThread), ref: 004A1101
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                • String ID: OpenThread$kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 310444273-2329025857
                                                                                                                                                                                                                                                • Opcode ID: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction ID: b6910a8d96c439c5a9a79188c1f5b28735512c77b949466aa535ae9459b11b64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95b08c295450f640b4ccf319a02ebceafbed6e1747284aa10868418ed559ca23
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDD0C9366011A16B97201B37BC4CDABBAACEED7662705843AF841D6226DE78C94185B8
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447429
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447504
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00447547
                                                                                                                                                                                                                                                  • Part of subcall function 00447283: ??2@YAPAXI@Z.MSVCRT ref: 0044728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID: file:///$https:
                                                                                                                                                                                                                                                • API String ID: 1033339047-421304004
                                                                                                                                                                                                                                                • Opcode ID: 9a03a5f8750c425cbf321f3242cc85b21346da2749bad8b5478274a6661ede41
                                                                                                                                                                                                                                                • Instruction ID: ccc32fa0efd63ca8ac1c14c2b0586d59bdd9e9094ea8232620a4e0b5d989bfb1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a03a5f8750c425cbf321f3242cc85b21346da2749bad8b5478274a6661ede41
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E451D370604285AFDB11EF78C4419EABFE0AF04344F14485FE4AA8B353DB38E946CB5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldiv$CountTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2272423691-0
                                                                                                                                                                                                                                                • Opcode ID: eddb8ec17347eff2f7fd19e8ffadb68bb898c9f88a3e98dbbd605481b801e331
                                                                                                                                                                                                                                                • Instruction ID: 2084aef08a195d1ceaeebbfcf385db87114aec72f0d165f19408d0e7cc13eafe
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eddb8ec17347eff2f7fd19e8ffadb68bb898c9f88a3e98dbbd605481b801e331
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A418FB8944340AFCB01CF69EC45A9B7BA9FBAA718F00062EF44493270C3349909EF95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: #.'f$3:numi%de$6:filter%d:$8:msg_typei%de
                                                                                                                                                                                                                                                • API String ID: 3510742995-3486655752
                                                                                                                                                                                                                                                • Opcode ID: 9cdc30da5365b64254a796ddb825469ad842b55b9c6a5f6246a4646e6bfa6a71
                                                                                                                                                                                                                                                • Instruction ID: 57d17bed9ce161fa069970eb5600cebc36a7fda47eaff17524c4fc91ab29f743
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cdc30da5365b64254a796ddb825469ad842b55b9c6a5f6246a4646e6bfa6a71
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE312872600344AFD710DB79CC41FEEBBE9AF94308F04446EE559D3392D7B86A448B15
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@memset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1035511824-0
                                                                                                                                                                                                                                                • Opcode ID: 33e634dd109fc36560dbc017bbe9fc5d10a47d14eacbc5aaf77d3b037b921eda
                                                                                                                                                                                                                                                • Instruction ID: 7a2543150106e8984170352c6cb0627c9a172214874a88af9b8e3ea390d81562
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33e634dd109fc36560dbc017bbe9fc5d10a47d14eacbc5aaf77d3b037b921eda
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD31A271605B419FE325DF2AD886916BBE1AF45325B00CA2EF0EA9B7E1D774E9048B04
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strchr$atoimemcpy
                                                                                                                                                                                                                                                • String ID: http://
                                                                                                                                                                                                                                                • API String ID: 3845716176-1121587658
                                                                                                                                                                                                                                                • Opcode ID: db59c6cfd2c8f87b4bab3fc477d1e1bf29a076fea4ec3f6cc17979e5fe9cf8eb
                                                                                                                                                                                                                                                • Instruction ID: f4118a7cf07608c9bc1b782cd87776457e5838030ff7e30a66029f7b4445dd25
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db59c6cfd2c8f87b4bab3fc477d1e1bf29a076fea4ec3f6cc17979e5fe9cf8eb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC213871600215B6CF109E75C8807FA7BA89F11388F10417BE849A7242D7B8FE0187DD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                                                                                • String ID: zE$!zE$?zE$SzE
                                                                                                                                                                                                                                                • API String ID: 1033339047-287118702
                                                                                                                                                                                                                                                • Opcode ID: 76e6eac79c7858913a06a62f0c49f27002200977fc3e298ca9a2fdb645ff1ba3
                                                                                                                                                                                                                                                • Instruction ID: ac15659f95fc3555d17269f22b1bfcb041aec1bc15f8d869ae820fe19dcff383
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76e6eac79c7858913a06a62f0c49f27002200977fc3e298ca9a2fdb645ff1ba3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F1156B10017489FC721CF2A9540466FBF4AE54714744C91FE98A8B612D3B8E419CF5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$Leave
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3476096762-0
                                                                                                                                                                                                                                                • Opcode ID: 35474f90d31593a1f8cab07f4f85810501e0e74ce28638b86a7298497c40546c
                                                                                                                                                                                                                                                • Instruction ID: 7e012595fc6096444b6f3579f6d7fb995ba997b66bce14fbd92c62cb22b89932
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35474f90d31593a1f8cab07f4f85810501e0e74ce28638b86a7298497c40546c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B00171365006448F8720DF29FDC58A5B7ECFB99308341142BD90AE7231CB36AE09DB94
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Roaming\BitTorrent, xrefs: 0048A738
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: tolower
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\BitTorrent
                                                                                                                                                                                                                                                • API String ID: 3025214199-3654464935
                                                                                                                                                                                                                                                • Opcode ID: a654b470419023a614d8852c516d1ee8420b80aa0b5c637eac106494fc87aefe
                                                                                                                                                                                                                                                • Instruction ID: d44d233d1a6f3e1a27cfd5831f5f59e22ce0bd8f731564760032d6e25637d591
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a654b470419023a614d8852c516d1ee8420b80aa0b5c637eac106494fc87aefe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8AF05E8130822155D7243AAA588663A53E8DB48722724482BF9C1C31C2FBECCCF1E36E
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0040AC47: memset.MSVCRT ref: 0040AC60
                                                                                                                                                                                                                                                • rand.MSVCRT ref: 0040ECB0
                                                                                                                                                                                                                                                  • Part of subcall function 00469300: GetSystemTime.KERNEL32(0041FA44,0041FA44,UDP), ref: 0046930A
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040ED1F
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EFC5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountSystemTickTimememsetrand
                                                                                                                                                                                                                                                • String ID: #.'f
                                                                                                                                                                                                                                                • API String ID: 884840583-3741631022
                                                                                                                                                                                                                                                • Opcode ID: 539ccd1b978ee2f221647241db03aad1f335ff661afd2952d31371359adec012
                                                                                                                                                                                                                                                • Instruction ID: a01e499e3f31f3e3a1fdd5c6dc35de38c81a34408c6ac03c684f43f437729fd8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 539ccd1b978ee2f221647241db03aad1f335ff661afd2952d31371359adec012
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC4267B1846B818FD361CF3A88846C3FFE4BB1A315F948A6ED1AE87292D7316144CF15
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0043B32F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,00000000,00000000,?,004367AE,?), ref: 0043B4B8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@Event
                                                                                                                                                                                                                                                • String ID: d1T$router.utorrent.com
                                                                                                                                                                                                                                                • API String ID: 1199912661-3510331610
                                                                                                                                                                                                                                                • Opcode ID: 71cb142a638263ab2a780e982119eb6dd0a760ec1077b9176fee100cd1d52a2e
                                                                                                                                                                                                                                                • Instruction ID: 9f68eb85fa4bd5eb6204af8265f1cc69ef63f1bf8c6e5bff0d0b32c0d889cc13
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71cb142a638263ab2a780e982119eb6dd0a760ec1077b9176fee100cd1d52a2e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C51D271900204ABCF04EF65C8917AE7BA4EF58318F10546EED059B253DB38DA55CBD9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • %s: HTTP preventing DNS lookup: %S, xrefs: 00418E64
                                                                                                                                                                                                                                                • %s: HTTP invalid URL: %S, xrefs: 00418DCE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: %s: HTTP invalid URL: %S$%s: HTTP preventing DNS lookup: %S
                                                                                                                                                                                                                                                • API String ID: 1936579350-1137797574
                                                                                                                                                                                                                                                • Opcode ID: 6f98c634f69111b81a85638b1c6186ffe9153490166d6749fcc1ad92140dfdf1
                                                                                                                                                                                                                                                • Instruction ID: d620f53078011bc6b8dff256afb9ec6805e019e4bd4616deaf122f7a0ffcdef0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f98c634f69111b81a85638b1c6186ffe9153490166d6749fcc1ad92140dfdf1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4412172900349AACB11EFA1D8909EF7B69AF44304F04441FFA0957292DF399A89DB99
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0044C5C0
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                • InternetSetCookieA.WININET(?,00000000,?), ref: 0044C684
                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 0044C68D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@AddressCookieErrorInternetLastLibraryLoadProcstrchr
                                                                                                                                                                                                                                                • String ID: wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3787153555-3354682871
                                                                                                                                                                                                                                                • Opcode ID: f144796945b8e66652b805a53ee120e57836fcba4954cc559208348e9db3f1e4
                                                                                                                                                                                                                                                • Instruction ID: 7c75fa48f57f1f9338d8e1b35b83b027339c713dd4c40e4aa8be100988d9bc29
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f144796945b8e66652b805a53ee120e57836fcba4954cc559208348e9db3f1e4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19316830B02211ABEB689F29C494B6E7791AF41354F09942FE9059B3A2DF38DC01C788
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • DNS resolution failed for %s %S, xrefs: 004157C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                                                • String ID: DNS resolution failed for %s %S
                                                                                                                                                                                                                                                • API String ID: 613200358-1403289015
                                                                                                                                                                                                                                                • Opcode ID: 917274ddc4cad64397a0b5681a77171a0e1b7a1d92319712dd6404860ec3b97f
                                                                                                                                                                                                                                                • Instruction ID: 0f82755f592f3d899af99eef9a69d5d363343fc77bc645eb8708aa390abb9e80
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 917274ddc4cad64397a0b5681a77171a0e1b7a1d92319712dd6404860ec3b97f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30418275900604EBCB05EF55C886EDEB7B4FF44304F1004BBE8156B2A2DB74AE81DBA8
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,LIEFrameControl,BT_IEFRAME,54000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00458D9F
                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000003,?,00000000,0045901F,?,?,00543460,00000000,?,?), ref: 00458DB1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Create
                                                                                                                                                                                                                                                • String ID: BT_IEFRAME$LIEFrameControl
                                                                                                                                                                                                                                                • API String ID: 870168347-1791212062
                                                                                                                                                                                                                                                • Opcode ID: 3b18533b734391ffe3ec182fe010ba8adaaded674a369afe02acb791a3f26338
                                                                                                                                                                                                                                                • Instruction ID: 5e54c0de5a30dd8f811c267062398928b942cacae6d5632364f8f3dcb86f86e1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b18533b734391ffe3ec182fe010ba8adaaded674a369afe02acb791a3f26338
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E421C3B1500745AFD3209F26CC91E67B7FCFF19314B10491EB58583652DB74A9448BA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00544B18), ref: 0048F9BC
                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00544B18), ref: 0048FA09
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                                                                                                • String ID: #.'f$resume.dat
                                                                                                                                                                                                                                                • API String ID: 2172605799-3463531122
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(wininet.dll,00000000,00543AB0,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D,00000000,?,?,?,?), ref: 004A1A54
                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000000,00543AB0,?,00000000,00000000,00543AB0,?,0046BA46,00000100,00000000,0044C045,00000000,0044C07D), ref: 004A1A66
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FormatHandleMessageModule
                                                                                                                                                                                                                                                • String ID: Error %d$wininet.dll
                                                                                                                                                                                                                                                • API String ID: 2046974992-2228022614
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAStringToAddressA.WS2_32(2001:db8::1428:57ab,00000017,00000000,?,?), ref: 004A1607
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressString
                                                                                                                                                                                                                                                • String ID: $8T$2001:db8::1428:57ab$255.255.255.255
                                                                                                                                                                                                                                                • API String ID: 2549180374-1226747652
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C5C8
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C5ED
                                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0054314C), ref: 0043C5F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                                                                • String ID: dns
                                                                                                                                                                                                                                                • API String ID: 3991485460-2196626497
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00545818,00000001), ref: 004A016E
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 004A019E
                                                                                                                                                                                                                                                  • Part of subcall function 0043C5FF: CreateThread.KERNEL32(?,?,?,?,?,?), ref: 0043C625
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,004A0128,?,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 004A0193
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCreateExchangeHandleInterlockedSleepThread
                                                                                                                                                                                                                                                • String ID: NoMemoryThread
                                                                                                                                                                                                                                                • API String ID: 173309394-1247638031
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,004DD12F,?,?,000007D0), ref: 004A10EA
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: LoadLibraryA.KERNEL32(kernel32.dll), ref: 004A10F5
                                                                                                                                                                                                                                                  • Part of subcall function 004A10E3: GetProcAddress.KERNEL32(00000000,OpenThread), ref: 004A1101
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0054589C,004DD094,?,?,?,?,?,?,?,?,?,?,?), ref: 004A1849
                                                                                                                                                                                                                                                • IsWow64Process.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 004A1850
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$AddressCurrentHandleLibraryLoadModuleProcWow64
                                                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                • API String ID: 641760737-3789238822
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: magnet:$urn:btih:
                                                                                                                                                                                                                                                • API String ID: 3510742995-414134851
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00458E79
                                                                                                                                                                                                                                                • MoveWindow.USER32(?,0000803E,?,?,?,00000001,00000000,00000000,00459105,?), ref: 00458F46
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00458F4D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@$MoveWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1754152917-0
                                                                                                                                                                                                                                                • Opcode ID: 27c18787b2f0fad33f9431c48c4a19be7554f8e324664daf27ddc5c8b32fe7d1
                                                                                                                                                                                                                                                • Instruction ID: 07c79b33c6df85fde232e888fefc9268f31556bcc3c93b00bf3dea4c80427e2c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27c18787b2f0fad33f9431c48c4a19be7554f8e324664daf27ddc5c8b32fe7d1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE31C5322006019FDA25AB16C84593BB3A6EF4C702B04891FFD43A7753CF2CAC09C799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: wcschr$memcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2559618953-0
                                                                                                                                                                                                                                                • Opcode ID: 3354fee2aa435239fb3011cc4b3c536ab01c71b7de93f6982a0194bb1eb62980
                                                                                                                                                                                                                                                • Instruction ID: 63611682834760c4b278afb1a1dcb794430d24a41a24756e3902c11929508142
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3354fee2aa435239fb3011cc4b3c536ab01c71b7de93f6982a0194bb1eb62980
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75314872900201FACF258F55D8519FBB7ACDF5636071449ABE846CB240F6B4EE4582AA
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: .!bt$\\?\
                                                                                                                                                                                                                                                • API String ID: 3510742995-4282639525
                                                                                                                                                                                                                                                • Opcode ID: d2dec3a76f6fd6af37d31d0907262322b73799efe465eb2c15ae9d8c2b3fac84
                                                                                                                                                                                                                                                • Instruction ID: a487e95d7af7c972d484a33d1a734871747e55acce950b6df4eb6ff90a609481
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2dec3a76f6fd6af37d31d0907262322b73799efe465eb2c15ae9d8c2b3fac84
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E3126B2D00505AFCF14DFA8C491ABEB7B0EF1630CB08816AD946DB341E7B8AA45C784
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strstr
                                                                                                                                                                                                                                                • String ID: Audio:$Video:
                                                                                                                                                                                                                                                • API String ID: 1392478783-580392852
                                                                                                                                                                                                                                                • Opcode ID: d2b5469804b6f8132f782d21878c1b1889aa29c7993498ae82a6af96fa9732cd
                                                                                                                                                                                                                                                • Instruction ID: 96ad9b245a45ff38bc69bcdf8ba96fc3713655b2d1540e47893ecac342d75d39
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2b5469804b6f8132f782d21878c1b1889aa29c7993498ae82a6af96fa9732cd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6219571A00118AADB05FAA7C841BEF73AD9F44348F10407BF906E72C2DB7C9E058799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: htonlhtons
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 493294928-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0046B834: GetCurrentThreadId.KERNEL32 ref: 0046B844
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0044F76B
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0044F771
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00100000), ref: 0044F777
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: SafeArrayCreate.OLEAUT32(0000000C,00000001,0044F7B2), ref: 0044E864
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: VariantInit.OLEAUT32(0044F7B2), ref: 0044E874
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: VariantInit.OLEAUT32(?), ref: 0044E892
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: SysAllocString.OLEAUT32(00000008), ref: 0044E8A5
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 0044E8B9
                                                                                                                                                                                                                                                  • Part of subcall function 0044E847: VariantClear.OLEAUT32(?), ref: 0044E8C3
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00100000), ref: 0044F7EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$Init$ArrayClearSafe$AllocCreateCurrentElementStringThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1601107503-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C44C
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C45B
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A1
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1936579350-2416925532
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(00543978), ref: 0043C3C4
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                  • Part of subcall function 0043C3B8: RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00001388,00542D9C,00542D9C,00542D9C), ref: 00439C5D
                                                                                                                                                                                                                                                • PostMessageW.USER32(00008011,00000000,00000000), ref: 00439D8E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$LeaveMessageObjectPostSingleWait
                                                                                                                                                                                                                                                • String ID: #.'f
                                                                                                                                                                                                                                                • API String ID: 1425912708-3741631022
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,?,004DD0D1,00533C88), ref: 004A229D
                                                                                                                                                                                                                                                • _wcsnicmp.MSVCRT ref: 004A22E7
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentProcess_wcsnicmp
                                                                                                                                                                                                                                                • String ID: %S:%.X+%.X,
                                                                                                                                                                                                                                                • API String ID: 2276989559-3895316571
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RangeBlock disconnected peer %a, xrefs: 00473A42
                                                                                                                                                                                                                                                • IpFilter disconnected peer %a, xrefs: 004739C1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: IpFilter disconnected peer %a$RangeBlock disconnected peer %a
                                                                                                                                                                                                                                                • API String ID: 0-2597693799
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • htonl.WS2_32(?), ref: 004200C4
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: strrchr.MSVCRT ref: 00422064
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: _strcmpi.MSVCRT ref: 00422077
                                                                                                                                                                                                                                                  • Part of subcall function 00422060: _strcmpi.MSVCRT ref: 00422088
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _strcmpi$htonlstrrchr
                                                                                                                                                                                                                                                • String ID: %I.%s$zz.countries.nerd.dk
                                                                                                                                                                                                                                                • API String ID: 3439610112-1728926548
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000240,?,000000FF,00000000,00000000,00000000,?,UDP,?,?,?,?,00489314,UDP,?), ref: 0048ABE4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                • String ID: UDP
                                                                                                                                                                                                                                                • API String ID: 626452242-1783164604
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@_wcsicmp
                                                                                                                                                                                                                                                • String ID: #.'f
                                                                                                                                                                                                                                                • API String ID: 3802049534-3741631022
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsGetValue.KERNEL32(00000015,?,0048A6E5,?,UDP,?,?,?,0049BA20,005085F8,00000000,?,?,0049BB70,00000000,?), ref: 0048C4EA
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: malloc.MSVCRT ref: 0048C4F9
                                                                                                                                                                                                                                                  • Part of subcall function 0048C4D5: TlsSetValue.KERNEL32(00000000,00000000,?,?,0049BA20,005085F8,00000000,?,?,0049BB70,00000000,?,?,?,?,00000000), ref: 0048C511
                                                                                                                                                                                                                                                • SetPropA.USER32(?,MsgBoxData,?), ref: 004667DD
                                                                                                                                                                                                                                                • CallNextHookEx.USER32(00000000,?,?,?), ref: 00466800
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CallHookNextPropmalloc
                                                                                                                                                                                                                                                • String ID: MsgBoxData
                                                                                                                                                                                                                                                • API String ID: 2721637341-1423917892
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • keybd_event.USER32(00000010,00000000,00000000,00000000), ref: 004A130B
                                                                                                                                                                                                                                                • keybd_event.USER32(00000010,00000000,00000002,00000000), ref: 004A1313
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: keybd_event$AddressErrorLastLibraryLoadProc
                                                                                                                                                                                                                                                • String ID: kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 1427422320-1793498882
                                                                                                                                                                                                                                                • Opcode ID: 92a44888de7306592b75e0abe559beb8b32a9e2154cec787a3fdc394e2a20a52
                                                                                                                                                                                                                                                • Instruction ID: 67506536936682c78bdd6fc020fade83d9b445e461cbf4bdeb8f689f05420805
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92a44888de7306592b75e0abe559beb8b32a9e2154cec787a3fdc394e2a20a52
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EE09222A4055437EA3027A76C09FAF5E69EBF3F54F61007BF240FA2E2D8954C4086A9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastInputInfo.USER32(?), ref: 004A12AF
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004A12B9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: LoadLibraryA.KERNEL32(wininet.dll,00000000,004879A0,?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?), ref: 00466AB9
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetProcAddress.KERNEL32(00000000,wininet.dll), ref: 00466AD3
                                                                                                                                                                                                                                                  • Part of subcall function 00466AA1: GetLastError.KERNEL32(?,?,0044C651,00000000,?,?,?,?,?,?,00459CFD,00459C7E,?,00000000), ref: 00466AEA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Last$AddressCountErrorInfoInputLibraryLoadProcTick
                                                                                                                                                                                                                                                • String ID: user32.dll
                                                                                                                                                                                                                                                • API String ID: 1025015531-38312619
                                                                                                                                                                                                                                                • Opcode ID: a112a9686889df9a831d282431a84076c982358567b739679e5cb3dd2f07c2b9
                                                                                                                                                                                                                                                • Instruction ID: bfc9ea3d244ebf1e4fea3af29663cc51b919b289854c692d8d783de9128d73a4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a112a9686889df9a831d282431a84076c982358567b739679e5cb3dd2f07c2b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58E0DF35610248AFDB00EFA0D8097DF7BE8AB1234CF5001A99201F22D2EFB5C848C725
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 004022FE
                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00402316
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2879003101.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2878978900.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000052C000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000542000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000056A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.0000000000597000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.000000000059F000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879003101.00000000005C0000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879453964.00000000005C3000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                • Associated: 00000004.00000002.2879480068.00000000005C5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??3@DecrementInterlocked
                                                                                                                                                                                                                                                • String ID: source
                                                                                                                                                                                                                                                • API String ID: 2589872974-1602912115
                                                                                                                                                                                                                                                • Opcode ID: 3e11bf462b9b709ede4b0b05087be74d059773daf668438cc5f510402307f81a
                                                                                                                                                                                                                                                • Instruction ID: 3ad6ac2798e9badfa8558a3821023d7d1e30fab5b03a1e026ff5565d53d0188b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e11bf462b9b709ede4b0b05087be74d059773daf668438cc5f510402307f81a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91D05E77645920028522223A79095DF12998BC5722706043BFE0AE7386DEBC8E4A02AD
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:8.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:171
                                                                                                                                                                                                                                                Total number of Limit Nodes:6

                                                                                                                                                                                                                                                Callgraph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                                                                                                                • Disassembly available
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(-00001000,00001000,00000004,?,00000018), ref: 005C4793
                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(-00001000,00001000), ref: 005C47A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999514576.00000000005C3000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                • Opcode ID: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction ID: c82c76eaa7c433a81f545ea17fe59400075ed6e2d987560102243a7c2a33a7b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98728A315083558FD724CF68C890B6ABBE1FF8A384F154A2DE9A58B351E371D985CF82
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043720B
                                                                                                                                                                                                                                                • SetThreadPriority.KERNELBASE(00000000), ref: 00437214
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043722A
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437233
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00437237
                                                                                                                                                                                                                                                • SetThreadPriority.KERNELBASE(00000000), ref: 0043723A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1343868529-0
                                                                                                                                                                                                                                                • Opcode ID: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction ID: 98b7f03d03192239b80dc3813169242e7629338a1043ac82295b91da3c824815
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20E0D872D0816411CD202BE62C44F1F2A1CEBC9331F1A0497F3009F180856458414BA7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 160 443bd8-443bfb call 442a06 RegOpenKeyExW
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00442A06: RegCloseKey.KERNELBASE(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0), ref: 00443BEF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                • String ID: Software\Wine
                                                                                                                                                                                                                                                • API String ID: 47109696-669380751
                                                                                                                                                                                                                                                • Opcode ID: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction ID: 27eb3eee8b7a423b2ae2d0062fb25aff889c2060e01e461cfa5658acbba1d7d5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D02232058231AAC730AF309C00F8B7E94EFA5740F00092AB041A00B1C1A2C81697A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 163 442a06-442a0d 164 442a0f-442a16 RegCloseKey 163->164 165 442a19-442a1a 163->165 164->165
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F342
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F36F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000019,?,?,?,?,?,?,?,?,?,?,?,0046F4F1), ref: 0046F384
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F3A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4250438611-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(0054314C), ref: 0043C3C4
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$Leave
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3476096762-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountTick
                                                                                                                                                                                                                                                • String ID: Invalid tracker URL.$UDP Trackers disabled.
                                                                                                                                                                                                                                                • API String ID: 1586335746-3239080385
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C5C8
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C5ED
                                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0054314C), ref: 0043C5F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                                                                • String ID: dns
                                                                                                                                                                                                                                                • API String ID: 3991485460-2196626497
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 290 43c436-43c448 291 43c4a4-43c4aa RtlLeaveCriticalSection 290->291 292 43c44a-43c465 RtlEnterCriticalSection call 43c341 GetCurrentThreadId 290->292 295 43c4a0-43c4a3 RtlLeaveCriticalSection 292->295 296 43c467-43c46d 292->296 295->291 296->295 297 43c46f-43c49b 296->297 297->295 298 43c49d 297->298 298->295
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C44C
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C45B
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A1
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(0054314C), ref: 0043C4A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 299 438a7e-438a94 300 438aa2-438aa4 299->300 301 438a96-438a9c 299->301 303 438c09-438c0b 300->303 301->301 302 438a9e-438aa0 301->302 302->300 304 438aa9-438ace ??2@YAPAXI@Z 302->304 305 438ad0-438ad9 304->305 306 438ade-438aee call 49f8ae 304->306 305->305 307 438adb 305->307 310 438aee call 4a0e81 306->310 307->306 311 438af3-438af9 310->311 312 438afc-438b15 311->312 313 438b5a-438b5d 312->313 314 438b17-438b25 313->314 315 438b5f 313->315 316 438b64-438b67 314->316 317 438b27-438b3b 314->317 315->316 318 438bb7-438bbc 316->318 319 438b69-438b6f 316->319 320 438b61 317->320 321 438b3d-438b42 317->321 318->312 323 438bc2-438bc7 318->323 319->318 322 438b71-438b74 319->322 320->316 321->320 324 438b44-438b4f 321->324 329 438b83-438b85 322->329 330 438b76-438b81 322->330 325 438bc9-438bdd 323->325 326 438bfd-438c08 ??3@YAXPAX@Z 323->326 327 438b53-438b57 324->327 328 438b51 324->328 325->326 331 438bdf-438be4 325->331 326->303 327->313 328->327 329->318 332 438b87-438b8b 329->332 330->318 330->329 333 438be6-438bf6 331->333 334 438bf8-438bfb 331->334 335 438b8e-438b92 332->335 333->334 334->326 334->331 336 438bb1-438bb5 335->336 337 438b94-438bae 335->337 336->318 336->335 337->336
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.1999307474.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1936579350-2416925532
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:8.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:171
                                                                                                                                                                                                                                                Total number of Limit Nodes:6

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(-00001000,00001000,00000004,?,00000018), ref: 005C4793
                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(-00001000,00001000), ref: 005C47A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078948963.00000000005C3000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                • Opcode ID: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction ID: c82c76eaa7c433a81f545ea17fe59400075ed6e2d987560102243a7c2a33a7b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adc767022a725d7b59a43354edcefaa6b920ae0b6e695f04c20663282151ebdd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98728A315083558FD724CF68C890B6ABBE1FF8A384F154A2DE9A58B351E371D985CF82
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043720B
                                                                                                                                                                                                                                                • SetThreadPriority.KERNELBASE(00000000), ref: 00437214
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 0043722A
                                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 00437233
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00437237
                                                                                                                                                                                                                                                • SetThreadPriority.KERNELBASE(00000000), ref: 0043723A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1343868529-0
                                                                                                                                                                                                                                                • Opcode ID: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction ID: 98b7f03d03192239b80dc3813169242e7629338a1043ac82295b91da3c824815
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 676de2501da33460a3ae05aab1acf7e72cd43594922d2dc9fdf2b0796fd57fec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20E0D872D0816411CD202BE62C44F1F2A1CEBC9331F1A0497F3009F180856458414BA7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 160 443bd8-443bfb call 442a06 RegOpenKeyExW
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00442A06: RegCloseKey.KERNELBASE(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0), ref: 00443BEF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                • String ID: Software\Wine
                                                                                                                                                                                                                                                • API String ID: 47109696-669380751
                                                                                                                                                                                                                                                • Opcode ID: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction ID: 27eb3eee8b7a423b2ae2d0062fb25aff889c2060e01e461cfa5658acbba1d7d5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6e61b4e1139124512d0c4bf1d47d5d43052b3154064fb2fa45849c4338c0c13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D02232058231AAC730AF309C00F8B7E94EFA5740F00092AB041A00B1C1A2C81697A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 163 442a06-442a0d 164 442a0f-442a16 RegCloseKey 163->164 165 442a19-442a1a 163->165 164->165
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,00443BE0,Software\Wine,004B15A1,80000002,Software\Wine,00020019,00000000,00000019,74DF23A0,?,?,?,004B1623,0046F37F), ref: 00442A10
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                • Opcode ID: d656e0732be45c8aa06141d7b783103bcc3aa4426a1adeda529f3cb3e35a2039
                                                                                                                                                                                                                                                • Instruction ID: f3813982204b5ae850940b5f19d2ed492c129e3a370f6e81e8cb5ac3dee6d7ca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d656e0732be45c8aa06141d7b783103bcc3aa4426a1adeda529f3cb3e35a2039
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36C04C3151522147D7709F59F94476273E85F04362F15045AB880EA145D6A48880869C
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 227 46f337-46f35e GetTickCount 228 46f364-46f365 227->228 229 46f4e2-46f4e7 227->229 230 46f366-46f378 GetTickCount 228->230 231 46f383-46f38a Sleep 230->231 232 46f37a call 4b1615 230->232 234 46f38c-46f3ad call 46b690 call 4a0eba GetTickCount 231->234 235 46f37f-46f381 232->235 240 46f3b5 234->240 241 46f3af-46f3b3 234->241 235->231 235->234 242 46f3ba-46f3cb 240->242 241->242 243 46f3e4-46f3f7 call 46b834 call 46f2ee 242->243 244 46f3cd-46f3de 242->244 250 46f409-46f412 243->250 251 46f3f9-46f404 call 4e15ee call 49b2c7 243->251 244->243 245 46f3e0 244->245 245->243 253 46f414-46f430 call 4a0eba 250->253 254 46f478-46f47a 250->254 251->250 267 46f457-46f473 call 46cc1b call 46cfe4 call 46b8d3 253->267 268 46f432-46f43f 253->268 256 46f47c-46f483 254->256 257 46f4b8-46f4da call 46de78 call 46f29c call 46b850 254->257 261 46f485 call 41fcdc 256->261 262 46f48a-46f4a2 call 46ded2 256->262 257->230 285 46f4e0-46f4e1 257->285 261->262 262->257 276 46f4a4-46f4b3 call 46c8a5 call 4232e1 call 4a01a7 262->276 267->254 272 46f446-46f455 268->272 273 46f441 call 46dff7 268->273 272->267 272->268 273->272 276->257 285->229
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F342
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F36F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000019,?,?,?,?,?,?,?,?,?,?,?,0046F4F1), ref: 0046F384
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0046F3A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4250438611-0
                                                                                                                                                                                                                                                • Opcode ID: 819843abe4a9d3fb02cbded1e72c211db5137714abf1aec688d9882672f31283
                                                                                                                                                                                                                                                • Instruction ID: fea66f8f8180269b15010c85c1ca9a3a1de86c56fec6988f8bb0eb06049ebec8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 819843abe4a9d3fb02cbded1e72c211db5137714abf1aec688d9882672f31283
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9418C719083419FD714EF26E49526EB7E5AFA5308F00442FF4C587262EB3C8989CB9B
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(0054314C), ref: 0043C3C4
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C3D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C419
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C425
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C42C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterThread$Leave
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3476096762-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 180 49b2c7-49b2da 181 49b2dc-49b2ee 180->181 182 49b2f5-49b308 GetTickCount 180->182 181->182 183 49b30a-49b319 call 49b021 182->183 184 49b325-49b32b 182->184 192 49b31b 183->192 193 49b31c-49b323 183->193 185 49b3cd 184->185 186 49b331-49b342 ??2@YAPAXI@Z 184->186 188 49b3cf-49b3d3 185->188 189 49b353 186->189 190 49b344-49b351 call 49a405 186->190 195 49b355-49b35b 189->195 190->195 192->193 193->183 193->184 197 49b38d-49b396 call 49b1af 195->197 198 49b35d-49b38b call 49a057 call 49adc4 call 49a90a call 49a080 195->198 203 49b398-49b3c4 call 49a057 call 49adc4 call 49a90a call 49a080 197->203 204 49b3c6-49b3c8 call 49a7d8 197->204 198->188 203->185 204->185
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@CountTick
                                                                                                                                                                                                                                                • String ID: Invalid tracker URL.$UDP Trackers disabled.
                                                                                                                                                                                                                                                • API String ID: 1586335746-3239080385
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C5C8
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C5ED
                                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0054314C), ref: 0043C5F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                                                                • String ID: dns
                                                                                                                                                                                                                                                • API String ID: 3991485460-2196626497
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 290 43c436-43c448 291 43c4a4-43c4aa RtlLeaveCriticalSection 290->291 292 43c44a-43c465 RtlEnterCriticalSection call 43c341 GetCurrentThreadId 290->292 295 43c4a0-43c4a3 RtlLeaveCriticalSection 292->295 296 43c467-43c46d 292->296 295->291 296->295 297 43c46f-43c49b 296->297 297->295 298 43c49d 297->298 298->295
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(005431B8), ref: 0043C44C
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0043C45B
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(005431B8), ref: 0043C4A1
                                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(0054314C), ref: 0043C4A5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                                                                                                • Opcode ID: f1868ce94f52ab719e366593b7ea1adbb65317a775ae6f436c5795f56f5cb87c
                                                                                                                                                                                                                                                • Instruction ID: 7d8ba6755e7438827e13f129986cd2114c4aaab8629c6976e64154cfb093b7c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1868ce94f52ab719e366593b7ea1adbb65317a775ae6f436c5795f56f5cb87c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3801D6397001008F87189F25DCC48B9B768EBEA328315A16FD4055B232DE37DA08D744
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

[Figure: control-flow graph of the function; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000009.00000002.2078700014.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_BitTorrent.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                                                                                • String ID: 4-T
                                                                                                                                                                                                                                                • API String ID: 1936579350-2416925532
                                                                                                                                                                                                                                                • Opcode ID: 3d1a0d05e3735e56db24aa2cf674a98259d5590613e8eb42717ec5cebba897a4
                                                                                                                                                                                                                                                • Instruction ID: 1c270ae4fb1ea26f8b841b5d570e454327e2dedc51aae199c91a21947af6457e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d1a0d05e3735e56db24aa2cf674a98259d5590613e8eb42717ec5cebba897a4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F517EB0A003068FCB19CF58C9D05AEF7B2FB99318F64546EE0029B341DB79AD42CB58
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%